Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Terminal Disclaimer
The terminal disclaimer filed on 12/14/22 disclaiming the terminal portion of any patent granted on this application is being reviewed. 

Response to Arguments
In communications filed on 12/14/2022, claims 1-19 are presented for examination. Claims 1, 9, 11, and 12 are independent.
Amended claim(s): 1, 9, 11, and 12.
Applicants’ arguments, see Applicant Arguments/Remarks filed 12/14/22, with respect to claim(s) rejected under prior art have been fully considered but are not persuasive. Wyatt explicitly discloses intercepting a suspect site access and sending the request to another application for handling the suspect site access, thus teaching: in response to determining that the web page corresponds to the access-prohibited website domain, (Wyatt: Fig. 5 and ¶103-¶105, i.e., in response to determining the access is to a suspect site, passing the request for access to a second program).  However, Wyatt does not but in analogous art Fiducia (US 20130297933 A1) teaches: invoking, by the one or more processors of the terminal, a command to communicate in a virtual private network connect-on-demand mode with at least the web page; and (Fiducia: ¶9, ¶14-¶16, ¶42, i.e., initiating automatically access (i.e., command) to a VPN in on-demand mode to connect to the page). Before the effective filing date of the claimed invention it would have been obvious to one of ordinary skill in the art to modify Wyatt to include VPN on demand mode for connecting to resources as taught by Fiducia with the motivation to automatically connect to websites and resources via a VPN.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claim(s) 1-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over US 20120324094 A1 (hereinafter ‘Wyatt’) in view of US 20130297933 A1 (hereinafter ‘Fiducia’).

As regards claim 1, Wyatt (US 20120324094 A1) discloses: A method (Wyatt: ¶78, ¶185, i.e., the method and system), comprising: obtaining, by one or more processors of a terminal, information pertaining to a web page from a Domain Name Server (DNS server); (Wyatt: obtaining by the mobile client processor an unsafe web page warning (web page response) from the server; paragraph [0107))
determining, by the one or more processors of the terminal, that the web page corresponds to an access-prohibited website domain based at least in part on the information pertaining to the web page; (Wyatt: access-prohibited website domain); paragraphs (0103)-(0104)
in response to determining that the web page corresponds to the access-prohibited website domain, (Wyatt: Fig. 5 and ¶103-¶105, i.e., in response to determining the access is to a suspect site, passing the request for access to a second program) 
However, Wyatt does not but in analogous art Fiducia (US 20130297933 A1) teaches: invoking, by the one or more processors of the terminal, a command to communicate in a virtual private network connect-on-demand mode with at least the web page; and (Fiducia: ¶9, ¶14-¶16, ¶42, i.e., initiating automatically access (i.e., command) to a VPN in on-demand mode to connect to the page)
Before the effective filing date of the claimed invention it would have been obvious to one of ordinary skill in the art to modify Wyatt to include VPN on demand mode for connecting to resources as taught by Fiducia with the motivation to automatically connect to websites and resources via a VPN.
Wyatt et al combination further discloses: obtaining, by the one or more processors of the terminal, the web page via a virtual private network established based at least in part on the virtual private network connect-on-demand mode. (Figucia: ¶9, ¶14-¶16, ¶42, i.e., initiating automatically access (i.e., command) to a VPN in on-demand mode to connect to the page)

Claims 9 and 11 recite substantially the same features recited in claim 1 above and are rejected based on the aforementioned rationale discussed in the rejection.

As regards claim 12, Wyatt (US 20120324094 A1) discloses:  A system for intercepting malicious websites (Wyatt:  an android OS-based device (system) implementing web protection application service provides an assessment for blocking malicious sites; paragraphs [0172], [0180]), comprising: a terminal (Wyatt: a mobile client; paragraph [0031]), comprising: one or more terminal processors configured to: obtain information pertaining to a web page from a Domain Name Server (DNS server); (Wyatt: ¶31, ¶49, ¶61, the mobile client processor via web protection application sends a request comprising intercepted identifier)
determine that the web page corresponding to the domain information corresponds to an access-prohibited website domain based at least in part on the information pertaining to the web page; (Wyatt: obtaining by the mobile client processor an unsafe web page warning (web page response) from the server; paragraph [0107); access-prohibited website domain); paragraphs (0103)-(01041)
in response to determining that the web page corresponds to the access-prohibited website domain, (Wyatt: Fig. 5 and ¶103-¶105, i.e., in response to determining the access is to a suspect site, passing the request for access to a second program) 
However, Wyatt does not but in analogous art Fiducia (US 20130297933 A1) teaches: invoke a command to communicate in a virtual private network connect-on-demand mode with at least the web page; and (Figucia: ¶9, ¶14-¶16, ¶42, i.e., initiating automatically access (i.e., command) to a VPN in on-demand mode to connect to the page)
Before the effective filing date of the claimed invention it would have been obvious to one of ordinary skill in the art to modify Wyatt to include VPN on demand mode for connecting to resources as taught by Fiducia with the motivation to automatically connect to websites and resources via a VPN.
Wyatt et al combination further discloses: obtain the web page via a virtual private network established based at least in part on the virtual private network connect-on-demand mode; and (Figucia: ¶9, ¶14-¶16, ¶42, i.e., initiating automatically access (i.e., command) to a VPN in on-demand mode to connect to the page)
one or more terminal memories coupled to the one or more terminal processors, configured to provide the one or more terminal processors with instructions; and (Wyatt: the mobile client comprising a computer-readable medium includes a transmission medium to communicate with the processor and the computer-readable medium is configured to provide the processor with executable instructions; paragraph; paragraphs [0031], [0035])
the DNS server, comprising: one or more server processors, configured to: receive a network request; (Wyatt: a DNS server; paragraph (0147]), comprising: one or more server processors (the DNS server resolves request by using a custom DNS client (server processor) and the DNS server receiving the request comprising the intercept identifier from the mobile client; paragraph [0148-149])
obtain domain name information from the network request; (Wyatt: receiving the domain name information from the request comprising the intercept identifier; paragraph [0061]);
determine the information pertaining to the web page based at least in part on the domain name information; and (Wyatt: the server determining that the domain information comprised in the intercepted identifier is an exact match (same) with a list of categorized identifiers stored in a black list category (pre-saved access-prohibited website domain name information) that are classified to be unsafe intercepted identifiers; paragraphs (0088], [0103])
communicate the information pertaining to the web page to the terminal; and (Wyatt: the server determining that the domain information comprising the intercepted identifier does not match with the list of categorized identifiers stored in a black list category that are classified to be unsafe intercepted identifiers; paragraphs [0088], [0103], [0116])
one or more server memories coupled to the one or more server processors, configured to provide the one or more server processors with instructions. (Wyatt: the custom DNS client accesses (coupled to) a local cache (memory) to store IP address and the local cache provides DNS client with DNS APls (instructions); paragraphs (0147]-[0148])

As regards claim 2, Wyatt et al combination discloses the method of claim 1, further comprising: communicating, by the one or more processors of the terminal, a network request to the DNS server, wherein the network request comprises domain information. (Wyatt: the mobile client processor via web protection application sends a request comprising intercepted identifier; paragraphs [0031], (0049] and the intercepted identifier comprises domain information; paragraph (0061])

As regards claim 3, Wyatt et al combination discloses the method of claim 2, wherein the information pertaining to the web page is communicated to the terminal in response to the terminal communicating the network request to the DNS server. (Wyatt: receiving the domain name information from the request comprising the intercept identifier; paragraph [0061]);

As regards claim 4, Wyatt et al combination discloses the method of claim 2, wherein the communicating the network request comprises: obtaining an application program-to-network layer network request; and (Wyatt: launching an application program by opening it in a browser (application program-to-network layer) as per the user request comprising intercepted identifier; paragraph [0150)) sending the network request to the DNS server, wherein the domain information comprises a domain name. (Wyatt: sending the request comprising intercepted identifier to the server; paragraph [0060)), wherein the domain information comprises a domain name (the domain information comprises a domain name; paragraph [0061))

As regards claim 5, Wyatt et al combination discloses the method of claim 2, wherein the obtaining the information pertaining to the web page comprises: in response to the DNS server determining that the domain information comprised in the network request is consistent with information stored in a mapping of domain information to access-prohibited website domains, receiving, from the DNS server, the IP address of the warning page; and (Wyatt: the server determining that the domain information comprised in the intercepted identifier is an exact match (consistent) with a list of categorized identifiers stored in a black list category (mapping of domain information to access-prohibited website domains) that are classified to be unsafe intercepted identifiers; paragraphs [0088), [01031 and receiving from the server an IP address of a warning page, stored in the blacklist of local cache; paragraphs [0145), [01741)
in response to the DNS server determining that the domain information comprised in the network request is not consistent with information stored in the mapping of domain information to access-prohibited website domains, receiving, from the DNS server, the IP address corresponding to the domain information comprised in the network request. (Wyatt: the server determining that the domain information comprised in the intercepted identifier does not match with the list of categorized identifiers stored in a black list category that are classified to be unsafe intercepted identifiers; paragraphs [0088), [0103), [0116] and receiving from the server, a URL (web page address) matching with the request comprising intercepted identifier; paragraph [0116)-(0117))

As regards claim 6, Wyatt et al combination discloses the method of claim 1, further comprising: configuring, by the one or more processors of the terminal, one or more conditions for invoking the private network connect-on-demand mode; and (Fiducia: ¶9-¶16, i.e., configuration of on demand VPN settings)
determining, by the one or more processors of the terminal, whether at least one of the one or more conditions for invoking the virtual private network connect-on-demand mode is satisfied; (Fiducia: ¶9-¶21, i.e., configuration of on demand VPN settings and launching the VPN based on the settings)
wherein: the virtual private network is invoked in response to a determination that the at least one of the one or more conditions for invoking the virtual private network connect-on-demand mode is satisfied; and (Fiducia: ¶9-¶21, the configured addresses invokes the VPN on demand)
the at least one of the one or more conditions comprises receiving an indication that the domain information corresponds to the access-prohibited website domain. (Fiducia: ¶9-¶21, the configured addresses invokes the VPN on demand)

As regards claim 7, Wyatt et al combination discloses the method of claim 6, wherein the one or more conditions for invoking the virtual private network connect-on-demand mode comprises one or more of: access of at least one preset domain name; a network to which a terminal is connected switches to a preset WiFi network; failure of a preset network request; and an indication with respect to a preset domain, the indication being communicated from a designated server, and the designated server communicating the designation in response to at least one preset domain name being accessed. (Wyatt: the server determining that the domain information comprised in the intercepted identifier does not match with the list of categorized identifiers stored in a black list category that are classified to be unsafe intercepted identifiers; paragraphs [0088), [0103), [0116] and receiving from the server, a URL (web page address) matching with the request comprising intercepted identifier; paragraph [0116)-(0117). See also, Fiducia: ¶9-¶21, the configured addresses invokes the VPN on demand)

As regards claim 8, Wyatt et al combination discloses the method of claim 1, further comprising: configuring, by the one or more processors of the terminal, one or more conditions for invoking the virtual private network connect-on-demand mode, wherein the one or more conditions comprise one or more of: access of at least one preset domain name; a network to which a terminal is connected switches to a preset WiFi network; failure of a preset network request; and an indication with respect to a preset domain, the indication being communicated from a designated server, and the designated server communicating the designation in response to at least one preset domain name being accessed. (Wyatt: the server determining that the domain information comprised in the intercepted identifier does not match with the list of categorized identifiers stored in a black list category that are classified to be unsafe intercepted identifiers; paragraphs [0088), [0103), [0116] and receiving from the server, a URL (web page address) matching with the request comprising intercepted identifier; paragraph [0116)-(0117). See also, Fiducia: ¶9-¶21, the configured addresses invokes the VPN on demand)

As regards claim 10, Wyatt et al combination discloses the method of claim 1, further comprising: communicating a web page request to a remote application server based at least in part on the obtaining the information pertaining to the web page from the DNS server (Wyatt: a session request (web page request) is called (communicating) on to a target server such as a remoter server; paragraphs [0158), [0164) and the session request is based on unsafe web page warning response; paragraphs [0107), [01641), wherein: the information pertaining to the web page comprises one of an Internet Protocol (IP) address corresponding to a warning page or an IP address corresponding to the domain information according to the determination of whether the web page corresponds to the access-prohibited website domain; (Wyatt: receiving from the server an IP address of a warning page, stored in the blacklist of local cache; paragraphs [0145], [0174]) the web page request comprises IP address information obtained from the web page response; (Wyatt: receiving from the server an IP address of a warning page, stored in the blacklist of local cache; paragraphs [0145], [0174]) and in response to a determination that the web page is determined to correspond to the access-prohibited website domain, the information pertaining to the web page includes information pertaining to a warning page. (Wyatt: the server determining that the domain information comprising the intercepted identifier does not match with the list of categorized identifiers stored in a black list category that are classified to be unsafe intercepted identifiers; paragraphs [0088], [0103], [0116])

As regards claim 13, Wyatt et al combination discloses the system of claim 12, wherein the one or more server processors are further configured to: determine whether the domain name information is matches pre-saved access-prohibited website domain name information; (Wyatt: the server determining that the domain information comprised in the intercepted identifier is an exact match (same) with a list of categorized identifiers stored in a black list category (pre-saved access-prohibited website domain name information) that are classified to be unsafe intercepted identifiers; paragraphs (0088], [0103]) in response to determining that the domain name information matches the pre-saved access-prohibited website domain name information, sending an Internet Protocol (IP) address corresponding to a warning page to the terminal, (Wyatt: upon identifying that the domain information comprised in the intercepted identifier is an exact match with a list of categorized identifiers stored in a black list category that are classified to be unsafe intercepted identifiers receiving an IP address; paragraphs [0088], [0103], [0174]) the indication that the domain information corresponds to the access-prohibited website domain, or both; and (Wyatt: the server determining that the domain information comprising the intercepted identifier does not match with the list of categorized identifiers stored in a black list category that are classified to be unsafe intercepted identifiers; paragraphs [0088], [0103], [0116]) in response to determining that the domain name information is different from the pre-saved access-prohibited website domain name information, sending the an IP address corresponding to the domain information to the terminal. (Wyatt: receiving from the server, a URL (web page address) matching with the request comprising intercepted identifier; paragraph [0116)-(0117)).

As regards claim 14, Wyatt et al combination discloses the system of claim 12, wherein the one or more terminal processors are further configured to: communicate the network request to the DNS server, wherein the network request comprises domain information. (Wyatt: Fig. 1, a server receiving a request (network request) comprising intercepted identifier from the mobile client processor via web protection application; paragraphs [0044)-(0045), [0049)), wherein the network request comprises domain information (the intercepted identifier comprises domain information; paragraph [0061));

As regards claim 15, Wyatt et al combination discloses the system of claim 14, wherein the information pertaining to the web page is communicated to the terminal in response to the terminal communicating the network request to the DNS server. (Wyatt: obtaining by the mobile client processor an unsafe web page warning (web page response) from the server; paragraph [0107) and access-prohibited website domain; paragraphs (0103)-(01041))

As regards claim 16, Wyatt et al combination discloses the system of claim 12, wherein the terminal is configured to store one or more start conditions associated with invoking the virtual private network connect-on-demand mode, the one or more start conditions comprising one or more of: (Fiducia: ¶9-¶16, i.e., configuration of on demand VPN settings) starting the virtual private network in response to determining that at least one preset domain name is accessed; (Fiducia: ¶9-¶21, the configured addresses invokes the VPN on demand) starting the virtual private network in response to determining that the network to which the terminal is connected switches to a preset WiFi network; starting the virtual private network in response to determining that the network to which the terminal is connected switches to a mobile network; starting the virtual private network in response to determining that a preset network request fails; and starting the virtual private network in response to determining, upon at least one preset domain name being accessed, that a designated server is used to perform analysis and the analysis fails. (Wyatt: the server determining that the domain information comprised in the intercepted identifier does not match with the list of categorized identifiers stored in a black list category that are classified to be unsafe intercepted identifiers; paragraphs [0088), [0103), [0116] and receiving from the server, a URL (web page address) matching with the request comprising intercepted identifier; paragraph [0116)-(0117). See also, Fiducia: ¶9-¶21, the configured addresses invokes the VPN on demand)

As regards claim 17, Wyatt et al combination discloses the system of claim 12, wherein the domain name information comprises a domain name. (Wyatt: Fig. 1, a server receiving a request (network request) comprising intercepted identifier from the mobile client processor via web protection application; paragraphs [0044)-(0045), [0049)), wherein the network request comprises domain information (the intercepted identifier comprises domain information; paragraph [0061));

As regards claim 18, Wyatt et al combination discloses the system of claim 12, further comprising: a remote application server, comprising: one or more remote application server processors, configured to: receive a web page request sent by the terminal, the web page request comprising a web page address; and (Wyatt: a session request (web page request) is called (communicating) on to a target server such as a remoter server; paragraphs [0158), [0164) and the session request is based on unsafe web page warning response; paragraphs [0107), [01641]) determining a web page result based at least in part on the web page request; and (Wyatt: receiving from the server an IP address of a warning page, stored in the blacklist of local cache; paragraphs [0145], [0174]) communicating the web page result to the terminal; and (Wyatt: receiving from the server an IP address of a warning page, stored in the blacklist of local cache; paragraphs [0145], [0174] and a monitoring module of a client computing device (terminal) via a network such as internet (network layer) thereby transmitting the user selected session such as api.facebook.com to an application such as Google News launched by the monitoring module of the client computing device; paragraphs [0154), [0164]) one or more remote application server memories coupled to the one or more remote application server processors, and configured to provide the one or more remote application server processors with instructions. (Wyatt: the target server call log is configured to provide the monitoring module with entries (instructions) to launch applications; paragraph (0164]).

As regards claim 19, Wyatt et al combination discloses the system of claim 12, wherein the information pertaining to the web page comprises an IP address. (Wyatt: the session request comprising a cached IP address 157.166.255.19; ¶01661)

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED A ZAIDI whose telephone number is (571)270-5995. The examiner can normally be reached Monday-Thursday: 5:30AM-5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SYED A ZAIDI/     Primary Examiner, Art Unit 2432