Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Response to Amendment and Arguments
Applicant’s amendment filed on September 29, 2022 has been entered and made of record.  Claims 1, 4-9, 11-15, and 17-20 are pending and are being examined in this application.
In light of Applicant’s amendments to the claims, the 112(b), 102, and 103 rejections are updated.

Claim Interpretation
“The broadest reasonable interpretation of a method (or process) claim having contingent limitations requires only those steps that must be performed and does not include steps that are not required to be performed because the condition(s) precedent are not met.” MPEP 2111.04 (II). 

Claim 1 is a method claims that recites “looking up...if the collected DNS logs are missing DNS data...”  As such, the “looking up...,” “prioritizing...,” “receiving...,” and “sending...” limitations are contingent limitations because they depend on a condition precedent in order to be performed. Therefore, these limitations are not required to be performed when a condition precedent is not met and therefore not given patentable weight. In addition, claim 8 is only applicable to the “looking up...” contingent limitation in claim 1 and is therefore also not given patentable weight.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1, 4-9, 11-15, and 17-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites the limitation “receiving the missing DNS context to create more complete DNS logs based on prioritized DNS transactions.” The bolded term lacks proper antecedent basis. It is unclear whether the bolded term is referring to the DNS transaction prioritized in the previous limitation “prioritizing the DNS transactions based on policy or configuration” or to other prioritized DNS transactions.
For purposes of examination, the above-noted limitation will be interpreted as: “receiving the missing DNS context to create more complete DNS logs based on the prioritized DNS transactions.”
Claims 9 and 15 have the same issues and are rejected for the same reasons. Claims 4-8, 11-14, and 17-20 depend from claims 1, 9, and 15 and are also rejected for the same reasons.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1 and 4-8 are rejected under 35 U.S.C. 102(a)(1) and (a)(2) as being anticipated by Neou et al. (US Pub. 20130014253).
Referring to claim 1, Neou discloses A computer-implemented method to obtain domain name system (DNS) monitoring data comprising: 
collecting DNS logs from one or more DNS servers, resolves, aggregators [fig. 1; pars. 37 and 38; DNS data is received from a plurality of sources (e.g., an aggregator and a resolver); also note ISP network and global network]; 
determining if the collected DNS logs are missing DNS context [pars. 26 and 38; note discovery of unknown patterns in the DNS data]; 
looking up DNS transactions to determine the missing DNS context if the collected DNS logs are missing DNS context, wherein determining the missing DNS context is based on a subset of the collected DNS logs [contingent limitation – no patentable weight]; 
prioritizing the DNS transactions based on policy or configuration [contingent limitation – no patentable weight];
receiving the missing DNS context to create more complete DNS logs based on the prioritized DNS transactions [contingent limitation – no patentable weight]; and 
sending the more complete DNS logs for analysis [contingent limitation – no patentable weight].

Referring to claim 4, Neou discloses The method of claim 1, wherein the DNS servers include one of a local DNS server or a global DNS server [fig. 1; note ISP network and global network].

Referring to claim 5, Neou discloses The method of claim 1, wherein the aggregators include one of a local aggregator or global aggregator [fig. 1; par. 37; note ISP network and global network comprising an aggregator].

Referring to claim 6, Neou discloses The method of claim 1, wherein the collecting is performed periodically [par. 10; the sources are periodically updated].

Referring to claim 7, Neou discloses The method of claim 1, further comprising converting the DNS logs and DNS data to a common format [pars. 39-41; the DNS data is scored and classified prior to determining whether a security action is performed, which entails applying a common scoring and classification scheme to the DNS data].

Referring to claim 8, Neou discloses The method of claim 1 wherein the DNS transactions comprise a subset of DNS requests [only applicable to contingent limitation – no patentable weight].


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 9, 11-15, and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Neou in view of Buck (US Pub. 20200287933).

Referring to claim 9, Neou discloses A system comprising: a processor; a data bus coupled to the processor; and a computer-usable medium embodying computer program code, the computer-usable medium being coupled to the data bus, the computer program code used for determining vertically and horizontally aligned cells in a structure data and comprising instructions executable by the processor [fig. 4; pars. 48 and 49; system 400 comprises processor 410, memory 420 comprising instructions for execution by processor 410, and bus 490 connecting processor 410 and memory 420] and configured for: 
collecting DNS logs from one or more DNS servers, resolvers, aggregators [fig. 1; pars. 37 and 38; DNS data is received from a plurality of sources (e.g., an aggregator and a resolver); also note ISP network and global network]; 
determining if the collected DNS logs are missing DNS context [pars. 26 and 38; note discovery of unknown patterns (e.g., a DNS name) in the DNS data]; 
looking up...to determine the missing DNS context if the collected DNS logs are missing DNS context... [par. 38; related DNS data is retrieved for the DNS name];
prioritizing the DNS transactions based on policy or configuration [fig. 2, step 214; the related DNS data is scored based on reputation data such that a higher score is assigned to DNS data received from a source that is known for providing accurate information (i.e., a reputation policy)];
receiving the missing DNS context to create more complete DNS logs based on the prioritized DNS transactions [fig. 2, step 216; the related DNS data is aggregated based on score]; and 
sending the more complete DNS logs for analysis [fig. 2, step 218; the DNS name is analyzed based on the scoring].
Neou does not appear to explicitly disclose looking up DNS transactions to determine the missing DNS context...wherein determining the missing DNS context is based on a subset of the collected DNS logs.
However, Buck discloses looking up DNS transactions to determine the missing DNS context... [par. 70; historical DNS information comprising historical DNS requests is received from a plurality of sources]; and wherein determining the missing DNS context is based on a subset of the collected DNS logs [par. 81; in response to a trigger, historical DNS information correlated with the trigger is retrieved from a cache, which stores a subset of the historical DNS information associated with predicted lookups].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the DNS data collection system of Neou so that DNS information is acquired as taught by Buck. The motivation for doing so would have been to make such information available in advance to make processing more efficient [Buck, pars. 81 and 82].

Referring to claim 11, Neou discloses The system of claim 9, wherein the resolvers include one of a local DNS server or a global DNS server [fig. 1; note ISP network and global network].

Referring to claim 12, Neou discloses The system of claim 9, wherein the collecting is performed periodically [par. 10; the sources are periodically updated].

Referring to claim 13, Neou discloses The system of claim 9, wherein the computer-usable medium is executable by the processor and further configured for: converting the DNS logs and DNS data to a common format [pars. 39-41; the DNS data is scored and classified prior to determining whether a security action is performed, which entails applying a common scoring and classification scheme to the DNS data].

Referring to claim 14, Neou discloses The system of claim 9, further comprising: DNS data converter comprised of a DNS log collector/parser, Ad Hoc DNS client, and DNS view composer [fig. 4, processor 410].

Referring to claim 15, see the rejection for claim 9. Neou further discloses A non-transitory, computer-readable storage medium embodying computer program code, the computer program code comprising computer executable instructions configured for performing the claimed steps [fig. 4; par. 48; memory 420 comprises instructions for execution by processor 410].

Referring to claim 17, see the rejection for claim 11.

Referring to claim 18, Neou discloses The non-transitory, computer-readable storage medium of claim 16, wherein the aggregators include one of a local aggregator or global aggregator [fig. 1; par. 37; note ISP network and global network comprising an aggregator].

Referring to claim 19, see the rejection for claim 12.
Referring to claim 20, see the rejection for claim 13.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 


Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GRACE PARK whose telephone number is (571) 270-7727 and fax number is (571) 270-8727.  The examiner can normally be reached M-F 8AM-5PM.  If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JAMES TRUJILLO can be reached at (571) 272-3677.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov/.  Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.

/Grace Park/Primary Examiner, Art Unit 2157