Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
	This action is in response to the communication filed on 8/3/2021.
 	Claims 1-20 are examined and rejected. 

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 9/30/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.   A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998);  In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993);  In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement.  See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA .  A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms that may be used.  Please visit www.uspto.gov/patent/patents-forms.  The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens.  An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1-20 are rejected on the ground of non-statutory double patenting as being unpatentable over claims 1-20 of U.S. Patent 11,140,124. Although the conflicting claims are not identical, they are not patentably distinct from each other because the subject matter claimed in the instant application is covered by the U.S. Patent 11,140,124.
This is a non-statutory double patenting rejection. The assignee of the application and the patent is the same.
Exemplary claim 1 with the substantive differences / similarities between the conflicting claim 1 identified in bold is outlined below in the following comparison table.

Claim Comparison Table   
Instant Application
17,446,370
US Patent 
11,140,124
1. A method, comprising: 
receiving, at a device in a network, domain name system (DNS) information for a domain, wherein the DNS information includes one or more service tags indicative of one or more services offered by the domain; populating, by the device, a local database of DNS information from the received DNS information; 
detecting, by the device, an encrypted traffic flow associated with the domain; 
identifying, by the device, a service of the one or more services offered by the domain as associated with the encrypted traffic flow based on information in the local database; and 
deprioritizing, by the device, the encrypted traffic flow based on the identified service of the one or more services.
1. A method, comprising: 
receiving, at a device in a network, domain name system (DNS) information for a domain, wherein the DNS information includes one or more service tags indicative of one or more services offered by the domain; populating, by the device, a local database of DNS information from the received DNS information; 
training, by the device, a machine learning-based traffic flow classifier to distinguish one or more domain services associated with the domain; 
detecting, by the device, an encrypted traffic flow associated with the domain; 
identifying, by the device, a service of the one or more domain services as associated with the encrypted traffic flow based on information in the local database and by applying the machine learning-based traffic flow classifier to the encrypted traffic flow; and 
prioritizing, by the device, the encrypted traffic flow based on the identified service of the one or more services associated with the encrypted traffic flow.





Claim 1 of the instant application is broader in all respects than conflicting claim  1 of Patent No. U.S. Patent 11,140,124.  It is clear that all the elements of independent claims of the instant application are to be found in the independent claims of patent ‘124. The difference between the instant application independent claims and independent patent claims lies in the fact that the patented claim includes more elements and is thus more specific. 
For example, both the inventions are directed towards – analysis of network traffic with encryption and service tags to determine their order / priority flow in network, where instant application claim 1 recites ‘receiving, detecting and analyzing the encrypted flow with service tags and determining their priority level of flow / analysis’ similarly in the patent claim 1 the ‘receiving, detecting and prioritizing network flow based on their encryption level and service tags with machine learning training function added to analysis of encrypted flow’. Thus, claim 1 of instant application is broader  and anticipated by claim 1 of Patent ‘124.

Further, Claims 1-20 are rejected on the ground of non-statutory double patenting as being unpatentable over claims 1-20 of U.S. Patent 10,554,614. Although the conflicting claims are not identical, they are not patentably distinct from each other because the subject matter claimed in the instant application is covered by the U.S. Patent 10,554,614.
This is a non-statutory double patenting rejection. The assignee of the application and the patent is the same.
Exemplary claim 1 with the substantive differences / similarities between the conflicting claim 1 identified in bold is outlined below in the following comparison table.

Claim Comparison Table   
Instant Application
17,446,370
US Patent 
10,554,614
1. A method, comprising: 
receiving, at a device in a network, domain name system (DNS) information for a domain, wherein the DNS information includes one or more service tags indicative of one or more services offered by the domain; populating, by the device, a local database of DNS information from the received DNS information; 
detecting, by the device, an encrypted traffic flow associated with the domain; 
identifying, by the device, a service of the one or more services offered by the domain as associated with the encrypted traffic flow based on information in the local database; and 
deprioritizing, by the device, the encrypted traffic flow based on the identified service of the one or more services.
1. A method, comprising: 
receiving, at a device in a network, domain name system (DNS) information for a domain, wherein the DNS information includes one or more service tags indicative of one or more services offered by the domain; 
populating, by the device, a database of DNS information regarding a plurality of domains based in part on the received DNS information for the domain, the database of DNS information including the one or more service tags in the received DNS information; 
training, by the device, a machine learning-based traffic flow classifier to distinguish domain services based on a plurality of observed traffic flows and service information stored in the database regarding the plurality of observed traffic flows; 
detecting, by the device, an encrypted traffic flow associated with the domain; 
identifying, by the device, a service of the one or more services as associated with the encrypted traffic flow based on a lookup in the database of DNS information and by applying the machine learning-based traffic flow classifier to the encrypted traffic flow to identify the service from among the one or more services offered by the domain; and 
prioritizing, by the device, the encrypted traffic flow based on the identified service of the one or more services associated with the encrypted traffic flow.






Claim 1 of the instant application is broader in all respects than conflicting claim  1 of Patent No. U.S. Patent 10,554,614.  It is clear that all the elements of independent claims of the instant application are to be found in the independent claims of patent ‘614. The difference between the instant application independent claims and independent patent claims lies in the fact that the patented claim includes more elements and is thus more specific. 

For example, both the inventions are directed towards – analysis of network traffic with encryption and service tags to determine their order / priority flow in network, where instant application claim 1 recites ‘receiving, detecting and analyzing the encrypted flow with service tags and determining their priority level of flow / analysis’ similarly in the patent claim 1 the ‘receiving, detecting and prioritizing network flow based on their encryption level and service tags along with populating of DNS database and machine learning training function added to analysis of encrypted flow’. Thus, claim 1 of instant application is broader  and anticipated by claim 1 of Patent ‘614.



A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus)." ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
This is non-statutory type double patenting rejection since the conflicting claims have been patented.  

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.




Claims 1, 2, 6-9, 13-15 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication 2013/0304796 to Jackowski et al. (hereinafter known as “Jackowski”) and in view of U.S. Publication 2017/0064749 to Jain et al (hereinafter “Jain”). 

As per claim 1 Jackowski teaches, a method, comprising: 
receiving, at a device in a network, domain name system (DNS) information (Jackowski para 57 teaches DNS request from clients at element 102 with IP address) for a domain, wherein the DNS information includes one or more service tags indicative of one or more services offered by the domain (Jackowski para 111 tag of information in data packet – Fig 2A); 
detecting, by the device, an encrypted traffic flow associated with the domain (Jackowski Fig 5B – para 51, 53 and 227 receiving encrypted traffic); 
identifying, by the device, a service of the one or more services offered by the domain as associated with the encrypted traffic flow based on information in the local database (Jackowski para 53, 54 teaches where traffic based on encryption protocol SSL / TLS provides following service – acceleration, compression, decompression, pooling etc based on SSL processing which provides logic, rules and functions. Para 57 teaches DNS (domain name resolver) service where DNS request is intercepted with an IP address of second appliance. Examiner interprets execution of rules / function as service associated with data traffic); and 
Jackowski does not teach however Jain teaches, 
populating, by the device, a local database of DNS information from the received DNS information (Jain Fig 15 and 16 teaches para 146, 194 - 196 - DNS lookup table, para 147 teaches service module with MDM attributes. Para 146 Fig 15 teaches – DNS lookups to two different DNS servers with associated regions of the mobile device. In summary – DNS lookups is known function to direct / redirect traffic within network protocol to direct data traffic from one device to another with IP address / DNS lookup for the domain database. Para 181 teaches forwarding MDM (mobile device management attributes with service tags. Examiner interprets forwarding includes DNS lookup (address information) with identified service tags); 
deprioritizing, by the device, the encrypted traffic flow based on the identified service of the one or more services8 (Jain para 85 and 194 - 196 teaches priority based on MDM attributes and firewall rule based logical segmentation of data flow, which is interpreted by examiner as assigning priority or depriority to data flow based on rule based analysis of data flow).
Jain teaches packet analysis / firewall rules for filtering packets / lookup of DNS tables which is populating of DNS information of claim limitation, service tags as attributes by MDM (mobile device management), to route data packets as per their attributes, address and identifier(s). 

Jackowski teaches DNS with service tags (abstract). Jackowski does not teach however Jain teaches DNS information lookup with service tags of data information (Para 146, 194-196).  Jackowski – Jain are analogous art because they both are from the same area, secure processing of data exchange in network.  It would have been obvious to one of ordinary skill in the art before the filing date of the claimed invention, having the teachings of Jackowski before him or her and to include Jain’s DNS lookup with service tags.  The suggestion/motivation for doing so would have been to enhance granular profile-based access (para 4). 

As per claim 2 combination of Jackowski – Jain teaches, the method as in claim 1, further comprising: sending, by the device, a DNS request for the DNS information, wherein the DNS request includes a request for the one or more service tags indicative of the one or more services offered by the domain (Jain – Fig 25 element 2500 – element 2525 teaches service offered by firewall / DNS para 196-197 – DNS describes service protocols – routing protocols – reroute, block, redirect, etc. 2525 teaches other service tags – HTTP, VPN, FPN etc).

As per claim 6 combination of Jackowski – Jain teaches, the method as in claim 1, wherein the device is located in an access network (Jackowski para 35 teaches LAN / WAN access network).
As per claim 7 combination of Jackowski – Jain teaches, the method of claim 1, wherein the service associated with the encrypted traffic flow is identified while the encrypted traffic flow is still encrypted (Jackowski para 53 and 93).
Claim 8, 
Claim 8 is rejected in accordance with claim 1. 
Claim 9, 
Claim 9 is rejected in accordance with claim 2. 
Claim 13, 
Claim 13 is rejected in accordance with claim 6. 
Claim 14, 
Claim 14 is rejected in accordance with claim 7. 
Claim 15, 
Claim 15 is rejected in accordance with claim 1. 
As per claim 16 combination of Jackowski – Jain teaches, the tangible, non-transitory, computer-readable medium as in claim 15, wherein the process further comprises: altering, by the device, the received DNS information by stripping the one or more service tags (Jackowski para 57 and 180); and 
forwarding, by the device, the altered DNS information to a client device, in response to a DNS request from the client device (Jackowski para 57 and 180).
Claim 20, 
Claim 20 is rejected in accordance with claim 1. 

Claims 3, 4, 10, 11, 17 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication 2013/0304796 to Jackowski et al. (hereinafter known as “Jackowski”) and in view of U.S. Publication 2017/0064749 to Jain et al (hereinafter “Jain”) and further in view of U.S. Publication 2015/0256508 to Jain et al (hereinafter “Townsend”). 

As per claim 3 combination of Jackowski – Jain teaches, the method as in claim 2, wherein the request for the one or more service tags is included in an extension mechanism for DNS (EDNS) field of the DNS request (Townsend para 31 teaches DNS requests to include extension of DNS as EDNS).

Jackowski – Jain teaches DNS with service tags. Jackowski – Jain does not teach however Townsend teaches where extension of DNS as EDNS (para 31).  Jackowski – Jain – Townsend are analogous art because they are from the same area, DNS protocol for data exchange.  It would have been obvious to one of ordinary skill in the art before the filing date of the claimed invention, having the teachings of Jackowski – Jain before him or her and to include Townsend’s extension DNS (EDNS).  The suggestion/motivation for doing so would have been to enhance validation of DNS record (para 9). 

As per claim 4 combination of Jackowski – Jain - Townsend teaches, the method as in claim 1, wherein the DNS information is received via a DNS response that includes the one or more service tags in an extension mechanism for DNS (EDNS) field (Townsend para 31 teaches DNS labels and 36 teaches DNS services of user / subscriber and as explained in claim 3).
Claim 10, 
Claim 10 is rejected in accordance with claim 3. 
Claim 11, 
Claim 11 is rejected in accordance with claim 4. 
Claim 17, 
Claim 17 is rejected in accordance with claim 3. 
Claim 18, 
Claim 18 is rejected in accordance with claim 4. 

Claims 5, 12 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication 2013/0304796 to Jackowski et al. (hereinafter known as “Jackowski”) and in view of U.S. Publication 2017/0064749 to Jain et al (hereinafter “Jain”) and in view of U.S. Publication 2016/0065597 to Nguyen et al (hereinafter “Nguyen”). 

As per claim 5 combination of Jackowski – Jain teaches, the method as in claim 1, wherein the received DNS information further comprises a reputation score associated with the domain, and wherein the encrypted traffic flow is deprioritized based on the reputation score associated with the domain (Nguyen – para 58, 76 and para 72, 75 -  76 where reputation scoring system with machine learning classifier is equivalent to claimed function of prioritized data flow based with score (attributes) as described by Nguyen and Jain).1

Jackowski – Jain teaches DNS with service tags for traffic analysis. Jackowski – Jain does not teach however Nguyen teaches training of traffic flow to distinguish service information.  Jackowski – Jain – Nguyen are analogous art because they all are from the same area, network traffic analysis.  It would have been obvious to one of ordinary skill in the art before the filing date of the claimed invention, having the teachings of Jackowski – Jain before him or her and to include Nguyen’s system for classification of network traffic flow.  The suggestion/motivation for doing so would have been to enhance methods of identification for malicious servers (para 5). 
Claim 12, 
Claim 12 is rejected in accordance with claim 5. 
Claim 19, 
Claim 19 is rejected in accordance with claim 5. 

Conclusion
	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Kalisky et al US Patent 9705682 
Pandya et al US Patent 9756012
Wong et al US Publication 2016/0127808 
Keren et al US Publication 2016/0055490 
Sadovsky et al US Publication 2015/0180894 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to VIRAL S LAKHIA whose telephone number is (571)270-3363.  The examiner can normally be reached on 8 am - 6 pm.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/VIRAL S LAKHIA/Examiner, Art Unit 2431