DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 have been examined. 

Priority
Acknowledgement is made of the applicant’s claim to priority as a continuation of parent application 15/881481, now, U.S Patent No. 11012467.

Information Disclosure Statement
The information disclosure statements (IDSs) submitted on 05/10/2021 and 07/02/2021 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 5 and 15 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. Claims 5 and 15 recites the limitation "the URL address" in the second paragraph.  There is insufficient antecedent basis for this limitation in the claim.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-19 of U.S. Patent No. 11012467. Although the claims at issue are not identical, they are not patentably distinct from each other because: 
Instant application
U.S. Patent No. 11012467
1. A method for operating a telecommunications network, the method comprising: 
obtaining request records from a domain name server (DNS) of a content delivery network (CDN), the DNS being of a DNS architecture of the CDN; 
creating a DNS request result file comprising a plurality of domain name addresses and associated plurality of Internet Protocol (IP) addresses at which requested content of the CDN is accessible to a requesting device; receiving a first DNS request intended for the DNS of the CDN, the first DNS request comprising a first domain name address for a requested content; and 





mitigating the first DNS request intended for the DNS of the CDN when the first domain name address of the first DNS request is not included in the DNS request result file.
7. The method of claim 1 wherein mitigating the first DNS request further comprises transmitting a redirect instruction to the requesting device that indicates an IP address associated with a hypertext transfer protocol (HTTP) server.




2. The method of claim 1 further comprising: receiving a Domain Name System Security Extension (DNSSEC) request from the requesting device; and transmitting a portion of the DNS request result file to the requesting device in response to the DNSSEC request.

3. The method of claim 2 wherein the portion of the DNS request result file comprises less than all of a range of domain names of the DNS request file.

4. The method of claim 3 further comprising: detecting an attack on the DNS from a plurality of requesting devices; and transmitting an entire DNS request result file to the requesting device in response to the DNSSEC request.

5. The method of claim 1 further comprising: receiving a second DNS request intended for the DNS of the CDN, the second DNS request comprising a second domain name address for a requested content; and transmitting the second DNS request to the DNS when the URL address of the second DNS request is included in the DNS request result file.

8. The method of claim 7 wherein redirect instruction further comprises a designated caching period instruction for the requesting device, the requesting device caching the IP address associated with the HTTP server for the designated caching period.
1. A method for operating a telecommunications network, the method comprising: 
obtaining request records from a domain name server (DNS) of a content delivery network (CDN), the DNS being of a DNS architecture of the CDN; 
creating a DNS request result file comprising a plurality of domain name addresses and associated plurality of Internet Protocol (IP) addresses at which requested content of the CDN is accessible to a requesting device; receiving, at a proxy server, a first DNS request intended for the DNS of the CDN, the first DNS request received from a requesting device and comprising a first domain name address for a requested content; determining whether the first domain name address of the first DNS request is included in the DNS request result file; and 
processing the first DNS request intended for the DNS of the CDN when the first domain name address of the first DNS request is not included in the DNS request result file, wherein processing the first DNS request comprises: transmitting a redirect instruction to the requesting device that indicates an IP address associated with a hypertext transfer protocol (HTTP) server; receiving, at the proxy server, a second DNS request from the HTTP server; and determining whether the second DNS request from the HTTP server is a redirection of the first DNS request.

2. The method of claim 1 further comprising: receiving a Domain Name System Security Extension (DNSSEC) request from the requesting device; and transmitting a portion of the DNS request result file to the requesting device in response to the DNSSEC request.

3. The method of claim 2 wherein the portion of the DNS request result file comprises less than all of a range of domain names of the DNS request file.

4. The method of claim 3 further comprising: detecting an attack on the DNS from a plurality of requesting devices; and transmitting an entire DNS request result file to the requesting device in response to the DNSSEC request.

5. The method of claim 1 further comprising: receiving a third DNS request intended for the DNS of the CDN, the third DNS request comprising a third domain name address for a requested content; and transmitting the third DNS request to the DNS when the domain name address of the third DNS request is included in the DNS request result file.

6. The method of claim 1 wherein redirect instruction further comprises a designated caching period instruction for the requesting device, the requesting device caching the IP address associated with the HTTP server for the designated caching period.


Similarly, the rest of the independent and dependent claims of the instant application are analogous to the rest of the independent and dependent claims of U.S. Patent No. 11012467.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1, 9, 12, 13 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over applicant provided prior art US 20150215334 to Bingham et al (hereinafter Bingham) and applicant provided prior art US 9756071 to Golshan et al (hereinafter Golshan).
As per claim 1, Bingham teaches: 
A method for operating a telecommunications network, the method comprising: 
obtaining request records from a domain name server (DNS) of a content delivery network (CDN) (Bingham: [0016]: Selection of the link in some form causes a request to be sent to a directory server providing a DNS service in the CDN. [0020]: In one implementation, a processing cluster 104 regularly gathers the security data 102 from a variety of trusted sources having information relating to the activity of IP addresses. [0022]: The CDN log 108 and the DNS log 110 may be obtained, for example, as described with respect to FIG. 3 and retrieved by the processing cluster 104. Fig. 3 and [0056]-[0057]: The directory server 310 resolves the link name (e.g., a URL or other identifier) to an associated network address from which the user device 308 can retrieve the requested content. The DNS log 110 includes a list of DNS requests and information about the requests, including the network addresses); 
creating a DNS request result file comprising a plurality of domain name addresses and associated plurality of Internet Protocol (IP) addresses at which requested content of the CDN is accessible to a requesting device (Bingham: [0016]: In some instances, the user may select a graphic of the movie, and that graphic is associated with the link that begins the process of obtaining the movie data from the CDN. Selection of the link in some form causes a request to be sent to a directory server providing a DNS service in the CDN. The directory server responds to the request by providing a network address (e.g., an IP address) from which the movie may be retrieved. The DNS log includes a history of network addresses to which various IP addresses were resolved in response to the selection or input of a link (e.g., a Uniform Resource Locator (URL) or other identifier). [0022]: The CDN log 108 and the DNS log 110 may be obtained, for example, as described with respect to FIG. 3 and retrieved by the processing cluster 104); 
Bingham does not teach: receiving a first DNS request intended for the DNS of the CDN, the first DNS request comprising a first domain name address for a requested content; and mitigating the first DNS request intended for the DNS of the CDN when the first domain name address of the first DNS request is not included in the DNS request result file. However, Golshan teaches:
receiving a first DNS request intended for the DNS of the CDN, the first DNS request comprising a first domain name address for a requested content (Golshan: column 2, lines 55-67: In an exemplary embodiment illustrated in FIG. 1A, client 120 sends a DNS UDP request 125 using User Datagram Protocol (UDP) over data network 105. DNS UDP request 125 may include a domain name 130. DNS proxy server 115 receives DNS UDP request 125); and 
mitigating the first DNS request intended for the DNS of the CDN when the first domain name address of the first DNS request is not included in the DNS request result file (Golshan: column 2, lines 55-67: DNS proxy server 115 matches domain name 130 against the plurality of domain names in DNS entry table 135. Sometimes DNS proxy server 115 does not find a match between domain name 130 and DNS entry table 135. Subsequently, DNS proxy server 115 sends a DNS UDP response 145 indicating no result is found. DNS proxy server 115 then indicates in a DNS UDP response 145 to ask client 120 to send a DNS request using Transmission Control Protocol (TCP)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Golshan in the invention of Bingham to include the above limitations. The motivation to do so would be to protecting a data network from a DNS denial of service attack (Golshan: column 1, lines 57-58).

As per claim 9, Bingham teaches: 
A content delivery network (CDN) comprising: 
a domain name server (DNS) architecture comprising a plurality of servers (Bingham: [0020]: A primary network, such as a large ISP or backbone provider, includes edge devices, servers, and other network components uniquely positioned to capture the security data 102. Fig. 3 and [0055]: As shown, the network environment 300 includes a CDN 302, which may include components of one or more networks. [0057]: the directory server 310 provides a domain name system (DNS) service); and 
a proxy server associated with and in communication with at least one server of the plurality of servers of the DNS architecture (Bingham: [0020]: In one implementation, a processing cluster 104 regularly gathers the security data 102 from a variety of trusted sources having information relating to the activity of IP addresses. A primary network, such as a large ISP or backbone provider, includes edge devices, servers, and other network components uniquely positioned to capture the security data 102), the proxy server configured to: 
obtain a record of request results of the at least one server of the plurality of servers, the record comprising a plurality of domain name addresses and associated plurality of Internet Protocol (IP) addresses at which requested content of the CDN is accessible to a requesting device (Bingham: [0016]: Selection of the link in some form causes a request to be sent to a directory server providing a DNS service in the CDN. [0020]: In one implementation, a processing cluster 104 regularly gathers the security data 102 from a variety of trusted sources having information relating to the activity of IP addresses. [0022]: The CDN log 108 and the DNS log 110 may be obtained, for example, as described with respect to FIG. 3 and retrieved by the processing cluster 104. Fig. 3 and [0056]-[0057]: The directory server 310 resolves the link name (e.g., a URL or other identifier) to an associated network address from which the user device 308 can retrieve the requested content. The DNS log 110 includes a list of DNS requests and information about the requests, including the network addresses); 
create a DNS request result file associated with the at least one server based on the obtained record of request results, the DNS request result file comprising the plurality of domain name addresses and associated plurality of IP addresses (Bingham: [0016]: In some instances, the user may select a graphic of the movie, and that graphic is associated with the link that begins the process of obtaining the movie data from the CDN. Selection of the link in some form causes a request to be sent to a directory server providing a DNS service in the CDN. The directory server responds to the request by providing a network address (e.g., an IP address) from which the movie may be retrieved. The DNS log includes a history of network addresses to which various IP addresses were resolved in response to the selection or input of a link (e.g., a Uniform Resource Locator (URL) or other identifier). [0022]: The CDN log 108 and the DNS log 110 may be obtained, for example, as described with respect to FIG. 3 and retrieved by the processing cluster 104); 
Bingham does not teach: receive a first DNS request intended for the at least one server of the plurality of servers, the first DNS request comprising a first domain name address for a requested content; and mitigate the first DNS request intended for the at least one server of the plurality of servers when the first domain name address of the first DNS request is not included in the DNS request result file. However, Golshan teaches:
receive a first DNS request intended for the at least one server of the plurality of servers, the first DNS request comprising a first domain name address for a requested content (Golshan: column 2, lines 55-67: In an exemplary embodiment illustrated in FIG. 1A, client 120 sends a DNS UDP request 125 using User Datagram Protocol (UDP) over data network 105. DNS UDP request 125 may include a domain name 130. DNS proxy server 115 receives DNS UDP request 125); and 
mitigate the first DNS request intended for the at least one server of the plurality of servers when the first domain name address of the first DNS request is not included in the DNS request result file (Golshan: column 2, lines 55-67: DNS proxy server 115 matches domain name 130 against the plurality of domain names in DNS entry table 135. Sometimes DNS proxy server 115 does not find a match between domain name 130 and DNS entry table 135. Subsequently, DNS proxy server 115 sends a DNS UDP response 145 indicating no result is found. DNS proxy server 115 then indicates in a DNS UDP response 145 to ask client 120 to send a DNS request using Transmission Control Protocol (TCP)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Golshan in the invention of Bingham to include the above limitations. The motivation to do so would be to protecting a data network from a DNS denial of service attack (Golshan: column 1, lines 57-58).

As per claim 12, Bingham in view of Golshan teaches: 
The content delivery network of claim 9 wherein obtaining a record of request results of the at least one server of the plurality of servers comprises: monitoring a plurality of requests for content intended for at least one server of the plurality of servers over a period of time; and storing the plurality of requests for content intended for at least one server of the plurality of servers over the period of time (Golshan: column 4, lines 56-67: In step 270, DNS server 110 resolves the query and responds to the DNS proxy server 115 with the DNS response. In step 280, the DNS proxy server adds this DNS response to its cache, and forwards the response to client 120A in step 290. Column 6, lines 28-67: FIG. 4 illustrates an exemplary embodiment of managing a DNS entry table by a DNS proxy server. In some embodiments, DNS entry table 135 includes a DNS entry 405. DNS entry 405 is associated with a timestamp 410. Timestamp 410 indicates availability of DNS entry 405. In various embodiments, DNS proxy server 115 is connected to a clock or timer 415. DNS proxy server 115 examines timer 415 and compares it to timestamp 410. If DNS proxy server 115 determines timestamp 410 to be expired, DNS proxy server 115 removes DNS entry 405 from DNS entry table 135, or marks DNS entry 405 invalid in DNS entry table 135. In some embodiments, DNS proxy server 115 creates DNS entry table 135 by downloading a plurality of DNS entry information from DNS server 110. This information may be updated on a fixed periodic basis, upon certain trigger events, or as directed by a network administrator).

As per claim 13, Bingham in view of Golshan teaches: 
The content delivery network of claim 9 wherein the proxy server is further configured to: update the DNS request result file with newly received DNS requests intended for the at least one server of the plurality of servers (Golshan: column 4, lines 56-67: In step 270, DNS server 110 resolves the query and responds to the DNS proxy server 115 with the DNS response. In step 280, the DNS proxy server adds this DNS response to its cache, and forwards the response to client 120A in step 290. Column 6, lines 54-67: In some embodiments, DNS proxy server 115 creates DNS entry table 135 by downloading a plurality of DNS entry information from DNS server 110. This information may be updated on a fixed periodic basis, upon certain trigger events, or as directed by a network administrator. DNS proxy server 115 may also create DNS entry table 135 after DNS proxy server 115 receives a DNS request from a client device. From time to time, DNS server 110 may send a plurality of DNS entry information to DNS proxy server 115).

As per claim 18, Bingham teaches: 
A networking device comprising: 
the particular DNS being a component of a DNS architecture of the CDN (Bingham: Fig. 3 and [0055]: As shown, the network environment 300 includes a CDN 302, which may include components of one or more networks. [0057]: the directory server 310 provides a domain name system (DNS) service); 
a processing device; and a computer-readable medium connected to the processing device configured to store information and instructions that, when executed by the processing device (Bingham: [0062]: Referring to FIG. 5, a detailed description of an example computing system 500 having one or more computing units that may implement various systems and methods discussed herein is provided. The computing system 500 may be applicable to the processing cluster. [0063] The computer system 500 may be a general computing system is capable of executing a computer program product to execute a computer process. Some of the elements of a general purpose computer system 500 are shown in FIG. 5 wherein a processor 502 is shown having an input/output (I/O) section 504, a Central Processing Unit (CPU) 506, and a memory section 508. [0067]), performs the operations of: 
obtaining request records from the particular DNS (Bingham: [0016]: Selection of the link in some form causes a request to be sent to a directory server providing a DNS service in the CDN. [0020]: In one implementation, a processing cluster 104 regularly gathers the security data 102 from a variety of trusted sources having information relating to the activity of IP addresses. [0022]: The CDN log 108 and the DNS log 110 may be obtained, for example, as described with respect to FIG. 3 and retrieved by the processing cluster 104. Fig. 3 and [0056]-[0057]: The directory server 310 resolves the link name (e.g., a URL or other identifier) to an associated network address from which the user device 308 can retrieve the requested content. The DNS log 110 includes a list of DNS requests and information about the requests, including the network addresses); 
creating a DNS request result file comprising a plurality of domain name addresses and associated plurality of Internet Protocol (IP) addresses at which requested content of the CDN is accessible to a requesting device (Bingham: [0016]: In some instances, the user may select a graphic of the movie, and that graphic is associated with the link that begins the process of obtaining the movie data from the CDN. Selection of the link in some form causes a request to be sent to a directory server providing a DNS service in the CDN. The directory server responds to the request by providing a network address (e.g., an IP address) from which the movie may be retrieved. The DNS log includes a history of network addresses to which various IP addresses were resolved in response to the selection or input of a link (e.g., a Uniform Resource Locator (URL) or other identifier). [0022]: The CDN log 108 and the DNS log 110 may be obtained, for example, as described with respect to FIG. 3 and retrieved by the processing cluster 104); 
Bingham does not teach: at least one communication port for receiving a first domain name server (DNS) request intended for a particular DNS of a content delivery network (CDN), the first DNS request comprising a first domain name address for a requested content available from the CDN; mitigating the first DNS request intended for the particular DNS of the CDN when the first domain name address of the first DNS request is not included in the DNS request result file. However, Golshan teaches:
at least one communication port for receiving a first domain name server (DNS) request intended for a particular DNS of a content delivery network (CDN), the first DNS request comprising a first domain name address for a requested content available from the CDN (Golshan: column 2, lines 55-67: In an exemplary embodiment illustrated in FIG. 1A, client 120 sends a DNS UDP request 125 using User Datagram Protocol (UDP) over data network 105. DNS UDP request 125 may include a domain name 130. DNS proxy server 115 receives DNS UDP request 125. Column 4, lines 31-39: FIG. 2 illustrates another exemplary embodiment of responding to a client DNS request. In the exemplary embodiment of FIG. 2, client 120A sends a query in step 210 to a DNS UDP port of DNS proxy server 115, such as UDP port 53 for “domain.com”); 
mitigating the first DNS request intended for the particular DNS of the CDN when the first domain name address of the first DNS request is not included in the DNS request result file (Golshan: column 2, lines 55-67: DNS proxy server 115 matches domain name 130 against the plurality of domain names in DNS entry table 135. Sometimes DNS proxy server 115 does not find a match between domain name 130 and DNS entry table 135. Subsequently, DNS proxy server 115 sends a DNS UDP response 145 indicating no result is found. DNS proxy server 115 then indicates in a DNS UDP response 145 to ask client 120 to send a DNS request using Transmission Control Protocol (TCP)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Golshan in the invention of Bingham to include the above limitations. The motivation to do so would be to protecting a data network from a DNS denial of service attack (Golshan: column 1, lines 57-58).

Claims 2-4, 10, 11, 14, 15, 19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Bingham in view of Golshan as applied to claims 1, 9 and 18 above, and further in view of applicant provided prior art US 20120117621 to Kondamuru et al (hereinafter Kondamuru).
As per claims 2, 10 and 19, Bingham in view of Golshan does not teach the limitations of claim 2, 10 and 19. However, Kondamuru teaches: 
receiving a Domain Name System Security Extension (DNSSEC) request from the requesting device; and transmitting a portion of the DNS request result file to the requesting device in response to the DNSSEC request (Kondamuru: [0005]. [0007]: the method includes the device establishing a cache for caching DNSSEC records received from the plurality of DNS servers. [0234]: In brief overview, the system includes a device intermediary between at least one client 102 and at least one server 102. [0236]: the implement of DNS on intermediary device may allow DNS RRs to be added with it).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Kondamuru in the invention of Bingham in view of Golshan to include the above limitations. The motivation to do so would be to provide and manage security features of DNSSEC via a device intermediary between at least one client and at least one server (Kondamuru: [0004]).

As per claims 3, 11 and 20, Bingham in view of Golshan and Kondamuru teaches:
The method of claim 2 wherein the portion of the DNS request result file comprises less than all of a range of domain names of the DNS request file (Golshan: column 2, lines 55-67: DNS proxy server 115 includes a DNS entry table 135, which includes a plurality of DNS entries. Each of the plurality of DNS entries in DNS entry table 135 includes a domain name and at least one corresponding network address for the domain name. column 4, lines 31-55: client 120A sends a query in step 210 to a DNS UDP port of DNS proxy server 115, such as UDP port 53 for “domain.com”. In step 220, DNS proxy server 115 checks its cache to determine if there is a matching entry for this request. If DNS proxy server 115 does not find a match within its cache for any reason, it then responds to client 120A in step 230 with a TC bit set. Upon receipt of the TC bit set, client 120A retries the DNS request for “domain.com” using TCP port 53. In step 240, client 120A retries sending the query to TCP port 53 for “domain.com”. In step 250, DNS proxy server 115 checks its cache to determine if there is a matching entry for this request. If DNS proxy server 115 does not find a matching entry for this request, it then forwards the query to the backend DNS server 110 in step 260, i.e., the DNS entry table comprises less than the entire range of domain names).

As per claims 4 and 14, Bingham in view of Golshan and Kondamuru teaches:
The method of claim 3 further comprising: detecting an attack on the DNS from a plurality of requesting devices (Golshan: column 4, lines 20-30: In various embodiments, DNS proxy server 115 employs the current invention after detecting a pre-determined number of unanswerable DNS UDP requests, a burst of unanswerable DNS UDP requests within a short period of time, or a number of unanswerable DNS UDP requests from suspected clients or network address sources. In another embodiment, DNS server 110 detects a suspicion of DNS denial of service attack and informs DNS proxy server 115); and transmitting an entire DNS request result file to the requesting device in response to the DNSSEC request (Kondamuru: [0005]. [0007]: the method includes the device establishing a cache for caching DNSSEC records received from the plurality of DNS servers. In another further embodiment, the method includes the device importing keys from a DNS server of the plurality of DNS servers and signing a zone record using the keys. In yet another embodiment, the method includes enabling the device, responsive to the request, to sign records requested by a client. [0234]: In brief overview, the system includes a device intermediary between at least one client 102 and at least one server 102. [0236]: the implement of DNS on intermediary device may allow DNS RRs to be added with it).

As per claim 15, Bingham in view of Golshan and Kondamuru teaches:
The content delivery network of claim 14 wherein the attack on the at least one server of the plurality of servers is a distributed denial of service-type attack (Golshan: column 5, lines 1-7: In this way, the method may be used as a detection mechanism for a DNS proxy server 115 to detect a potential denial of service attack. Column 4, lines 20-30: In various embodiments, DNS proxy server 115 employs the current invention after detecting a pre-determined number of unanswerable DNS UDP requests, a burst of unanswerable DNS UDP requests within a short period of time, or a number of unanswerable DNS UDP requests from suspected clients or network address sources).

Claims 5 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Bingham in view of Golshan as applied to claims 1 and 9 above, and further in view of applicant provided prior art US 20120303808 to Xie (hereinafter Xie).
As per claims 5 and 16, Bingham in view of Golshan teaches:
The method of claim 1 further comprising: receiving a second DNS request intended for the DNS of the CDN, the second DNS request comprising a second domain name address for a requested content (Golshan: column 2, lines 55-67: client 120 sends a DNS UDP request 125 using User Datagram Protocol (UDP) over data network 105. DNS UDP request 125 may include a domain name 130. DNS proxy server 115 receives DNS UDP request 125); 
Bingham in view of Golshan does not teach: transmitting the second DNS request to the DNS when the URL address of the second DNS request is included in the DNS request result file. However, Xie teaches: 
transmitting the second DNS request to the DNS when the URL address of the second DNS request is included in the DNS request result file (Xie: [0018]: At 406, the domain name extracted at 404 is compared with or matched against a domain name list or database such as database 214 of FIG. 2. In some embodiments, domain names in such as list or database are organized according to categories. In some such cases, 406 includes identifying or determining a category associated with the extracted domain name. Based on an identified categorization of the extracted domain name, enterprise security or access policies, and/or user permissions, the extracted domain name is classified as denied or allowed at 408. If classified as allowed, for example, because access to the extracted domain name is permitted, the received DNS request is forwarded to the DNS server to which it was originally directed at 412).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Xie in the invention of Bingham in view of Golshan to include the above limitations. The motivation to do so would be to block DNS queries for suspect or malicious domain names, learn suspect or malicious domain names, discover and sanitize infected clients, etc. (Xie: [0011]).

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Bingham in view of Golshan as applied to claim 1 above, and further in view of applicant provided prior art US 20100131646 to Drako (hereinafter Drako).
As per claim 6, Bingham in view of Golshan teaches:
The method of claim 1 wherein mitigating the first DNS request comprises terminating the first DNS request (Golshan: column 3, lines 49-67: When DNS proxy server 115 does not find a match for domain name 130, DNS proxy server 115 does not query DNS server 110 for domain name 130, but suggests client 120 to retry using DNS TCP request 150. In a typical DNS denial of service attack embodiment, DNS UDP requests include a domain name not known to DNS servers and an unknown network address. In this typical embodiment, the DNS UDP responses the DNS proxy server 115 sends using the unknown network addresses of corresponding DNS UDP requests will be discarded by data network 105). 
Gulshan does not teach: transmitting an IP address associated with a dead-end server to the requesting device. However, Drako teaches:
transmitting an IP address associated with a dead-end server to the requesting device (Drako: [0027]: a policy-managed DNS server comprising binding at least one of the following actions to the condition that the source of a DNS request is found in a list of undesirable IP addresses: [0028] transmitting a code for no such address found; [0029] transmitting a loopback address; [0030] transmitting a fictitious address; [0031] transmitting an address to a fixed message [0032] transmitting a fixed IP address).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Drako in the invention of Bingham in view of Drako to include the above limitations. The motivation to do so would be to execute a process for policy-based operation of a DNS server apparatus to manage traffic (Drako: [0013]). 

Claims 7 and 17 is rejected under 35 U.S.C. 103 as being unpatentable over Bingham in view of Golshan as applied to claims 1 and 9 above, and further in view of US 20120174196 to Bhogavilli (hereinafter Bhogavilli).
As per claim 7, Bingham in view of Golshan does not tech the limitations of the claim 7. However, Bhogavilli teaches:
wherein mitigating the first DNS request further comprises transmitting a redirect instruction to the requesting device that indicates an IP address associated with a hypertext transfer protocol (HTTP) server (Bhogavilli: [0044] In one embodiment, client 310 makes an HTTP request to proxy server 320 for a URL resource 311b (step 310b). However, rather than providing the resource associated with URL 311b to client 310, proxy server 320 may send an HTTP redirect message to client 310 (step 320b), for example using a "301" or "302" HTTP response status code. The HTTP redirect message 320b may instruct client 310 to make an HTTP request to URL 321b, which proxy server 320 has generated by hashing the client's IP address with, e.g., a secret string of characters known only to proxy server 320. Proxy server 320 may also set a time limit for client 310 to execute the redirect (operations not depicted). If client 310 successfully validates by honoring the redirect, as further described below, the time limit may nevertheless be important for preventing the same client or another client with the same IP address from achieving validation at a later time by requesting the same URL 321b in the form of a "replay attack.").
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Bhogavilli in the invention of Bingham in view of Golshan to include the above limitations. The motivation to do so would be to blacklist the client’s IP address so that all subsequent requests or communications from the client are either ignored or rate-limited if the client does not make an HTTP request to proxy server for the URL within the established time limit (Bhogavilli: [0045]).

As per claim 17, Bingham in view of Golshan does not tech the limitations of the claim 17. However, Bhogavilli teaches:
wherein mitigating the first DNS request further comprises terminating the first DNS request and transmitting a redirect instruction to the requesting device that indicates an IP address associated with a hypertext transfer protocol (HTTP)-type server (Bhogavilli: [0044] In one embodiment, client 310 makes an HTTP request to proxy server 320 for a URL resource 311b (step 310b). However, rather than providing the resource associated with URL 311b to client 310, proxy server 320 may send an HTTP redirect message to client 310 (step 320b), for example using a "301" or "302" HTTP response status code. The HTTP redirect message 320b may instruct client 310 to make an HTTP request to URL 321b, which proxy server 320 has generated by hashing the client's IP address with, e.g., a secret string of characters known only to proxy server 320. Proxy server 320 may also set a time limit for client 310 to execute the redirect (operations not depicted). If client 310 successfully validates by honoring the redirect, as further described below, the time limit may nevertheless be important for preventing the same client or another client with the same IP address from achieving validation at a later time by requesting the same URL 321b in the form of a "replay attack." It is inherent that the first HTTP request to the proxy server is terminated).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Bhogavilli in the invention of Bingham in view of Golshan to include the above limitations. The motivation to do so would be to blacklist the client’s IP address so that all subsequent requests or communications from the client are either ignored or rate-limited if the client does not make an HTTP request to proxy server for the URL within the established time limit (Bhogavilli: [0045]).

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Bingham in view of Golshan and Bhogavilli as applied to claim 7 above, and further in view of applicant provided prior art US 20160218978 to Lapidous et al (hereinafter Lapidous).
As per claim 8, Bingham in view of Golshan and Bhogavilli does not teach the limitations of claim 8. However, Lapidous teaches:
wherein redirect instruction further comprises a designated caching period instruction for the requesting device, the requesting device caching the IP address associated with the HTTP server for the designated caching period (Lapidous: [0001]: To request the content from a specific content server, its domain name must be translated to a numerical IP address. This translation is performed by the Domain Name Service (DNS). Before issuing content request, the client computer asks a DNS server to map requested domain name to an IP address. The client may cache the DNS response for an allowed interval (time to leave: TTL), but must issue new DNS request if caching time expires).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Lapidous in the invention of Bingham in view of Golshan and Bhogavilli to include the above limitations. The claim would have been obvious because a particular known technique was recognized as part of the ordinary capabilities of one skilled in the art (see KSR Int'l Co. v. Teleflex Inc. 550 U.S. __, 82 USPQ2d 1385 (Supreme Court 2007) (KSR)).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MADHURI R HERZOG whose telephone number is (571)270-3359. The examiner can normally be reached 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

MADHURI R. HERZOG
Primary Examiner
Art Unit 2438



/MADHURI R HERZOG/Primary Examiner, Art Unit 2438