ON THE FLY CERTIFICATE GENERATION

DETAILED ACTION In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. This Office Action is in response to the amendment dated on 11/3/2025. Claims 1, 8 and 15 have been amended. Claims 6, 13 and 19 have been canceled. Claims 1-5, 7-12, 14-18 and 20 are pending for consideration. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Information Disclosure Statement The information disclosure statement (IDS) submitted on 11/14/2025 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Response to Arguments Regarding to the 101 rejection of claims 8-14 as being directed to no more than software per se or combination of software per se and signals per se, the claims have been amended as suggested. Therefore, the rejection has been withdrawn. In response to applicant's argument that the references fail to show certain features of the invention, it is noted that the features upon which applicant relies (i.e., [ the claims may reduce a need for creating new virtual servers, saving web pages, and/or managing instantiated servers ]) are not recited in the rejected claim(s). Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). Applicant's arguments filed on 11/3/2025 have been fully considered but they are not persuasive. Applicant argues on pages 6-7 of the Remarks that Bolick fails to expressly or inherently disclose these features. For example, Bolick fails to disclose streaming a blocked error message to a user device without storing the blocked error message because Bolick explicitly hosts the blocked page on an instanced web server. Therefore, claim 1 is patentable over Bolick. In response to the above argument, Examiner respectfully disagrees. Bolick discloses on pages 5-9 that the “blocking page html content may include an address, URL, and/or other identifier associated with the domain is blocked, and may include the reason for preventing domain in some embodiments”. Because the html content is created by joining various piece of information, such as the domain (that the user requested, which is determined at that moment) and address/URL, which is also supplied by the user. As a result, this content is dynamic. The Applicant did not establish why dynamic content can or cannot be written to the server disk. They are not mutually exclusive actions. Furthermore, commonly used web servers before the effective filing date can serve content dynamically (such as Java JEE server, Apache Tomcat web server, and servers for other languages). See https://en.wikipedia.org/w/index.php?title=Web_server&oldid=1062918490 and https://en.wikipedia.org/w/index.php?title=Dynamic_web_page&oldid=1059452464 These are common knowledge and well-known in the art. Regarding streaming data using packets, HTTP contents are served using HTTP protocol which is on top of TCP/IP protocol. TCP/IP is a packet based streaming communication (Bolik: pages 5-9, “Now the presented example of the operation of the system 100. assuming that browser application 104 has requested the website domain name is "foo.com", the actual IP address associated with the domain is 92.168.5.47. To complete the request, browser application needs to obtain the IP address associated with the domain "foo.com", and sends the DNS request to the DNS 106. DNS 106 determining the domain "foo.com" has been prevented.”… “the page content may include shared resources, such as images, fonts, script, etc., that are presented for browser application 104 display, irrespective of the domain is prevented. after starting, the Web server of the instantiation can be customized to prevent page HTML (HTML Page Block) reference image, reference of fonts and other resources so that they both reference field is prevented to prevent the browser warning. For example, the browser application 104 the page content display may include image, font, scripts, and other resources of the reference when the domain is prevented. can be used in the page HTML setting the resource to prevent page in HTML, to quote the reference domain is prevented. For example, if the domain name "foo.com" has been blocked, can be used in the page HTML template as from page content of a portion of the logo (logo) image (logo.png) of reference is modified to "http: // foo.com/images/logo.png.". If the subsequent to be processed is prevented from the domain "bar.com", the Web server may then instantiation of the referenced customization is "http: // bar.com/images/logo.png.". This ensures that the browser application 104 believes all content in the HTML are from the domain (foo.com, bar.com) is prevented, and thus the determination reference is valid, therefore, responsive to receiving the stop page HTML from the instantiation of the Web server, the browser will not show any safety warning.”). As a result, the cited prior art teaches the disputed claim limitations. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claim(s) 1-5, 7-12, 14-18 and 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by BOLICK (CN 111434086, translated document is attached) (hereinafter BOLICK). Regarding claim 1, BOLICK discloses a method for generating a custom error message, the method comprising: receiving by a virtual private network server, a request for access to a domain (BOLICK: pages 3-7, “to prevent the user from viewing a HTTPS/SSL page of the customized display security notifications”… “assuming that browser application 104 has requested the website domain name is "foo.com", the actual IP address associated with the domain is 92.168.5.47. To complete the request, browser application needs to obtain the IP address associated with the domain "foo.com", and sends the DNS request to the DNS 106 "). domain name service 106 receives a query, and in response to the query to provide an IP address associated with the domain name”); checking, by the virtual private network server, identification information for the domain against a set of rules establishing whether access to the domain is permitted (BOLICK: pages 3-7, “To complete the request, browser application needs to obtain the IP address associated with the domain "foo.com", and sends the DNS request to the DNS 106. DNS 106 determining the domain "foo.com" has been prevented”… “For example, the domain name service 106 can check the policy 118, the policy 118 may include rules, list or other data for domain name service 106 used to determine whether to prevent the domain name”); and upon determination that access to the requested domain is not permitted according to the set of rules: extracting a domain name from the request (BOLICK: pages 3-7, “blocking page html content may include an address, URL, and/or other identifier associated with the domain is blocked, and may include the reason for preventing domain in some embodiment”… “For example, if the domain name "foo.com" has been blocked, …If the subsequent to be processed is prevented from the domain "bar.com", the Web server may then instantiation of the referenced customization is "http: // bar.com/images/logo.png.". This ensures that the browser application 104 believes all content in the HTML are from the domain (foo.com, bar.com) is prevented”); generating a certificate based on the domain name using a root certificate (BOLICK: pages 3-7, “Web server instantiated host 110 may maintain or create a customized security certificate 116”… “the web server host may use the root certificate provided by creating customized security certificate, the root certificate in some embodiments have also been distributed to users”); and dynamically generating and streaming (Bolick: pages 5-9, “blocking page html content may include an address, URL, and/or other identifier associated with the domain is blocked, and may include the reason for preventing domain in some embodiments”; Examine notes: Because the html content is created by joining various piece of information, such as the domain (that the user requested, which is determined at that moment) and address/URL, which is also supplied by the user. As a result, this content is dynamic), by the virtual private network server to a user device, to a user device a blocked error message for the domain expressing a reason why the access to the domain was not permitted according to the set of rules (BOLICK: pages 3-7, “browser application 104 is not received from the website content is blocked, and is instantiated 114 from Web server receiving the html page. content may include information of reason such as identifying the actual IP address "foo.com" and blocks that have been blocked, foo.com foo.com.”… “the domain is blocked one or more reasons provided to the browser application… blocking page html content may include an address, URL, and/or other identifier associated with the domain is blocked, and may include the reason for preventing domain in some embodiments”), wherein the blocked error message comprises the certificate (BOLICK: pages 3-7, “if the sites are blocked using HTTPS/SSL, as substitute content without the correct security credentials, the browser of the user may display browser security warning”), and wherein the blocked error message is not stored on the virtual private network server (Bolick: pages 5-9, “blocking page html content may include an address, URL, and/or other identifier associated with the domain is blocked, and may include the reason for preventing domain in some embodiments”; Examiner notes: Because the html content is created by joining various piece of information, such as the domain (that the user requested, which is determined at that moment) and address/URL, which is also supplied by the user. As a result, this content is dynamic.). Regarding claim 8, the claim 8 discloses a system claim that is substantially equivalent to the method of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 8 and rejected for the same reasons. Regarding claim 15, the claim 15 discloses a medium claim that is substantially equivalent to the method of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 15 and rejected for the same reasons. Regarding claims 2, 9 and 16, BOLICK discloses wherein the set of rules comprise two or more categories of restricted webpages and wherein the blocked error message comprises an indication of a category of the two or more categories that is assigned to the domain (BOLICK: pages 3-7, “For example, the domain name service 106 can check the policy 118, the policy 118 may include rules, list or other data for domain name service 106 used to determine whether to prevent the domain name. the strategy can be presented based on content provided by the domain or by the domain of security threat (e.g., malicious software).”… “For example, the DNS server is configured to prevent the website based on its content (e.g., pornographic content). In addition, the DNS server can be configured based on site distributing malicious software or possibility of the known phishing site to prevent site. some security platform can be configured display alternative content when the site is prevented. However, if the sites are blocked using HTTPS/SSL, as substitute content without the correct security credentials, the browser of the user may display browser security warning”). Regarding claims 3, 10 and 17, BOLICK discloses wherein the set of rules comprise a response policy zone (RPZ) (BOLICK: pages 3-7, “In some embodiments, the domain name service 106 may be configured to determine whether to prevent the specific domain name. For example, the domain name service 106 can check the policy 118, the policy 118 may include rules, list or other data for domain name service 106 used to determine whether to prevent the domain name. the strategy can be presented based on content provided by the domain or by the domain of security threat (e.g., malicious software).”… “browser application 104 is not received from the website content is blocked, and is instantiated 114 from Web server receiving the html page. content may include information of reason such as identifying the actual IP address "foo.com" and blocks that have been blocked, foo.com foo.com. Web server after providing the stop page html content, Web server instantiation 114 may be destroyed, and the resource can be used for other instantiation.”). Regarding claims 4, 11 and 18, BOLICK discloses wherein the RPZ is generated according to parameters given by a user's administrator (BOLICK: pages 3-7, “timer interval can be set so that when receiving a request for page content of the domain is blocked, the Web server instantiated still exists, and can destroy the instantiated Web server so as to prevent resource request never reaches the use of unnecessary. In some embodiments, the timer interval may be X milliseconds. the value of X can be configured by the system administrator.”). Regarding claims 5 and 12, BOLICK discloses wherein the determination is based on the parameters given by the user's administrator (BOLICK: pages 3-7, “the frame 214, may be created after the Web server instantiates timer is started. timer interval can be set so that when receiving a request for page content of the domain is blocked, the Web server instantiated still exists, and can destroy the instantiated Web server so as to prevent resource request never reaches the use of unnecessary. In some embodiments, the timer interval may be X milliseconds. the value of X can be configured by the system administrator. Further, it is possible to dynamically adjust the value of X. For example, if the number of the available IP address of Web server assigned to the instantiation of the relatively few (for example, 4) and the user number, the value of X may be lower (e.g., 5000ms). Alternatively, if the instantiation of the available IP address for Web server has relatively more numbers (e.g., 100), the value of X may be increased.”). Regarding claims 7, 14 and 20, BOLICK discloses wherein the virtual private network server is a proxy for a DNS server (BOLICK: pages 3-7, “an embodiment for instantiating the Web server to display customized content in the security context diagram of the system 100. In some aspects, the system 100 a via a network 120 coupling of the calculating device 102, domain name server 106, the website is blocked 108 and instantiation of the Web server host 110. Network 120 can be any type and combination of a wired network and a wireless network. In certain aspects, the network 120 can be the Internet.”). Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740. The examiner can normally be reached Monday-Friday 7-4 ET. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /TRANG T DOAN/Primary Examiner, Art Unit 2431