ON THE FLY CERTIFICATE GENERATION

§103 §112

DETAILED ACTION In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. This Office Action is in response to the amendment dated on 12/17/2025. Claims 4, 6, 11 and 18 have been canceled. Claims 1, 8 and 15 have been amended. Claims 1-3, 5, 7-10, 12-17 and 19-20 are pending for consideration. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Information Disclosure Statement The information disclosure statement (IDS) submitted on 11/12/2025 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Response to Arguments Regarding to the 101 rejection of claims 8-14 as being directed to no more than software per se or combination of software per se and signals per se, the claims have been amended. Therefore, the rejection has been withdrawn. Applicant's arguments filed 12/17/2025 have been fully considered but they are not persuasive. Applicant argues on pages 8-9 of the Remarks that none of the cited references anticipate or render obvious categorizing domains to generate a set of rules using an artificial intelligence (AI) tool. In response to the above argument, Examiner respectfully disagrees. Examiner notes that the claims and Applicant’s specification do not clearly recite how the AI tool is used to categorize domains to generate a set of rules (see paragraph 0023 of the Applicant’s specification, “an error message provided to the user may be customized in view of the RPZ based on a customized policy for blocking certain domains performed by AI- powered (learning) categorization of domains for access control, thus providing users with valid error page certificates. Thus, informing a user why the access to a domain is denied may be provided using the RPZ rules set by an artificial intelligence (AI) tool set to follow by the DNS server”) and how the AI tool is defined. According to WIKI, the term “Artificial Intelligence” is defined as the capability of computational systems to perform tasks typically associated with human intelligence, such as learning, reasoning, problem-solving, perception, and decision-making. Rudnik discloses a threat intelligence service which is used to classify domains to make decisions whether a domain should be blocked or not (see paragraphs 0033, 0038, 0064 and 0088). Examiner broadly maps the threat intelligence service of Rudnik as the AI tool because the threat intelligence service has the capability of computational systems to perform tasks typically associated with human intelligence, the classifying step as the categorizing step (see paragraph 0030 of Applicant’s specification, “the rules set may be automatically updated according to the classifications/categories or manually updated”, Notes: the terms “classification/categorization” are used interchangeable) and the decisions whether a domain is blocked or not as the set of rules recited in the claims. Therefore, Rudnik does teach the disputed limitation. Applicant argues on page 9 of the Remarks that Stolfo does not disclose the limitation “determining a category of threat associated with the domain name”…. the claimed "category of threat" represents a qualitative classification of content type. In response to the above argument, Examiner respectfully disagrees. Stolfo discloses determining a category of threat associated with the domain name (Stolfo: paragraphs 0022-0028 and 0064, “a browser that displays a banner warning when the URL of a viewed or requested website points to a suspicious phishing website, determined based upon a rating of the danger of the site. The warning may include a level of danger as described further below.”… “A phishing site may be rated at different levels of “danger” with regard to the sensitive personal information sought to be stolen. An exemplary rating scheme of “Significant,” “High,” and “Extreme” levels of danger may be used to delineate phishing websites”… “a straightforward labeling of a phishing website with its level of danger may be added to already existing security dashboards”). As can be seen in this citation, Examiner broadly interprets the category of threat recited in the claims as the level of danger is determined as can be seen in the citations. Therefore, Stolfo does teach the disputed limitation. In response to applicant's argument that the references fail to show certain features of the invention, it is noted that the features upon which applicant relies (i.e., the claimed "category of threat" represents a qualitative classification of content type) are not recited in the rejected claim(s). Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). Applicant’s arguments with respect to the amended claim(s) 1-3, 5, 7-10, 12-17 and 19-20 have been considered but are moot. Claim Rejections - 35 USC § 112 The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112: The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention. Claims 1-3, 5, 7-10, 12-17 and 19-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Claims 1, 8, and 15 recite "wherein the category of threat includes at least one of strong redirect, strict redirect, adult content, or filehosting". There is not sufficient support for this claim limitation. The specification does not describe or suggest that the category of threat includes at least one of strong redirect, strict redirect, adult content, or filehosting. On the contrary, Paragraph [0023] of the original specification recites " an AI-powered extension used to categorize the domains and restrict access to the specific categories of websites". This citations from the original specification explicitly recite categorizing domains and restricting access to the specific categories of websites. Paragraph [0026] of the original specification recites "a valid error page informs the client why the website cannot be reached, in which category/-ies it has been included, and what level of threat this page has" . One of ordinary skill in the art would identify the recited paragraphs do not disclose the category of threat includes at least one of strong redirect, strict redirect, adult content, or filehosting. The specification does not provide support for the claim limitation that the category of threat includes at least one of strong redirect, strict redirect, adult content, or filehosting. Dependent claims fail to cure this deficiency of independent claims (set forth directly above) and are rejected accordingly. The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 1-3, 5, 7-10, 12-17 and 19-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. The highlighted terms “strong redirect and strict redirect” in claims 1, 8 and 15 are a relative term which renders the claim indefinite. The terms “strong redirect and strict redirect” is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. Therefore, the claims will intercepted as best understood. Dependent claims fail to cure this deficiency of independent claims (set forth directly above) and are rejected accordingly. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-3, 5, 7-10, 12-17, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Rudnik (US 20200314067) (hereinafter Rudnik) in view of Stolfo et al. (US 20220070215) (hereinafter Stolfo), and further in view of Daimon (US 20150150077) (hereinafter Daimon). Regarding claim 1, Rudnik discloses a method for generating a custom error message in response to a DNS query, the method comprising: categorizing, using an artificial intelligence (AI) tool, domains to generate a set of rules according to parameters given by an administrator (Rudnik: paragraphs 0033 and 0038, “a threat intelligence service representational state transfer (REST) application program interface (API) may be used to check the domain and receive a classification. Based on the classification and the available user profile rules, a decision can be made whether the domain should be blocked for this particular user… This can be used in conjunction with user preferences, administrative overrides, or other protocols to determine whether and when an IP address should be blocked”); receiving, by a domain name system (DNS) server, a domain request comprising a domain name from a computing device (Rudnik: paragraphs 0038 and 0054, “When a user of local device 304 wants to visit a website, the user may, for example, enter the website into the address bar of a browser, or click on a link. This causes a DNS request to be generated on the device. According to an enterprise, family, or personal policy, device 304 may have configured DNS servers that point to DNS proxy server 308, which includes a DNS policy such as to block certain domain names”); determining, by the DNS server using the set of rules, whether a user associated with the computing device is permitted to access the domain name (Rudnik: paragraphs 0054-0059, “DNS proxy server 308 then determines in decision block 304 whether the domain should be blocked or otherwise redirected. This can include, for example, querying a list of domain names that should be filtered. This could be either an absolute list, or it could be a contextual, per-user, or per-subscriber list, which enables the configuration of enterprise or user policies that are different from user to user. For example, there are some web services that allow a user to sign up with an account, and then indicate which websites he would like to block for his family. With all of the family's computers then set to resolve to the DNS proxy server 308, DNS proxy server 308 can look at a customized list for that subscriber, to determine which websites are blocked and which are not”); in response to determining that the user is not permitted to access the domain name, Rudnik: paragraph 0054-0058, “if the response is to be blocked, then in block 307, DNS proxy server 308 generates a blocked response”). Rudnik does not explicitly disclose the following limitations which are disclosed by Stolfo, determining, by the DNS server, (i) a category of threat associated with the domain name and (ii) a level of threat associated with the domain name based on the set of rules (Stolfo: paragraphs 0022-0028, “include a browser that displays a banner warning when the URL of a viewed or requested website points to a suspicious phishing website, determined based upon a rating of the danger of the site. The warning may include a level of danger as described further below. Additionally or alternatively, the warning may be displayed in a popup window on a display.”… “site may be rated at different levels of “danger” with regard to the sensitive personal information sought to be stolen. An exemplary rating scheme of “Significant,” “High,” and “Extreme” levels of danger”); and causing the computing device to display a webpage comprising the category of threat and the level of threat (Stolfo: paragraphs 0022-0028 and 0064, “displays a banner warning when the URL of a viewed or requested website points to a suspicious phishing website, determined based upon a rating of the danger of the site. The warning may include a level of danger”… “A phishing site may be rated at different levels of “danger” with regard to the sensitive personal information sought to be stolen. An exemplary rating scheme of “Significant,” “High,” and “Extreme” levels of danger may be used to delineate phishing websites”… “a straightforward labeling of a phishing website with its level of danger may be added to already existing security dashboards”). Rudnik and Stolfo are analogous art because they are from the same field of endeavor, threat protection. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Rudnik and Stolfo before him or her, to modify the system of Rudnik to include determining a category of threat associated with a domain name and a level of threat associated with the domain name and causing to display a webpage comprising the category of threat and the level of threat of Stolfo. The suggestion/motivation for doing so would have been to constitute applying a known technique to known devices and/or methods ready for improvement to yield predictable results. Rudnik in view of Stolfo does not explicitly disclose the following limitations which are disclosed by Daimon, wherein the category of threat includes at least one of strong redirect, strict redirect, adult content, or filehosting (Daimon: paragraphs 0056, 0059, 0080, 0082 and 0092, “it is preferable from plural pieces of category information prepared in correspondence to the contents of threat in the link destination, that the security server 70 extract category information corresponding to the security test result of the first link information. For example, in the security information D/B 80, category information may be registered that identifies "virus malware", "phishing malware", "adult content", or the like classified in accordance with the contents of threat”). Rudnik in view of Stolfo and Daimon are analogous art because they are from the same field of endeavor, network protection. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Rudnik in view of Stolfo and Daimon before him or her, to modify the system of Rudnik in view of Stolfo to include a category of threat includes at least one of strong redirect, strict redirect, adult content, or filehosting of Daimon. The motivation to do so constitutes applying a simple substitution of one known element for another to obtain predictable results. Regarding claim 8, the claim 8 discloses a system claim that is substantially equivalent to the method of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 8 and rejected for the same reasons. Rudnik as modified further discloses transmit, to the computing device via an encrypted tunnel, a webpage (Rudnik: paragraphs 0036 and 0041-0045, “The custom VPN client site implementation may be configured as a split tunnel, which routes only the DNS server IPs as defined in the system. The VPN's own DNS server may be specified to reside inside its routing range, as well as its remote server IP. This forces all DNS traffic on the device to be diverted into the VPN client, which directs all DNS outgoing flow back to itself. This loop configuration enables the VPN to intercept the DNS IP packets as they are sent from the OS. The VPN can modify DNS responses back to the OS as necessary.”) Regarding claim 15, the claim 15 discloses a medium claim that is substantially equivalent to the method of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 15 and rejected for the same reasons. Regarding claims 2, 9 and 16, Rudnik as modified discloses wherein access to the domain name is permitted or not permitted based on a category assigned to the domain name by the artificial intelligent (Rudnik: paragraphs 0033 and 0038, “a threat intelligence service representational state transfer (REST) application program interface (API) may be used to check the domain and receive a classification. Based on the classification and the available user profile rules, a decision can be made whether the domain should be blocked for this particular user… This can be used in conjunction with user preferences, administrative overrides, or other protocols to determine whether and when an IP address should be blocked”). Regarding claims 3, 10 and 17, Rudnik as modified discloses wherein the set of rules are a response policy zone (RPZ) (Rudnik: paragraphs 0028, 0031-0033, and 0038, “The DNS proxy server checks the domain name against a list of domain names that are risky or against policy, and depending on the result, either returns the address of the requested domain, or returns the address of an error page that informs the user that access to that website has been blocked”). Regarding claims 5 and 12, Rudnik as modified discloses wherein the determination is based on the parameters given by the administrator (Rudnik: paragraphs 0033 and 0038, “a threat intelligence service representational state transfer (REST) application program interface (API) may be used to check the domain and receive a classification. Based on the classification and the available user profile rules, a decision can be made whether the domain should be blocked for this particular user… This can be used in conjunction with user preferences, administrative overrides, or other protocols to determine whether and when an IP address should be blocked”). Regarding claims 13 and 19, Rudnik as modified discloses wherein the domain request is received at a domain name system (DNS) server (Rudnik: paragraphs 0028 and 0036, “Content filtering can rely on diverting domain name system (DNS) lookup requests from the user's local device to a DNS proxy server. The DNS proxy server can implement preset filtering according to user or enterprise demands. This occurs when a user attempts to navigate to a website, and the standard DNS request is diverted to the proxy server. The DNS proxy server checks the domain name against a list of domain names that are risky or against policy, and depending on the result, either returns the address of the requested domain, or returns the address of an error page that informs the user that access to that website has been blocked.”). Regarding claims 7, 14 and 20, Rudnik as modified discloses wherein the computing device is a VPN server (Rudnik: paragraphs 0033 and 0066-0067, “Embodiments of the present specification employ a limited virtual private network (VPN) on the device. This limited VPN provides only DNS services, and with a successful DNS lookup, otherwise seamlessly and invisibly handles all traffic through the ordinary network stack. The limited VPN is intelligent enough to know when a DNS lookup fails because it resolves to domain name that is blocked by policy. Note that the list of domain names blocked by policy can still be maintained offline, or in an enterprise policy server, although the list can also be maintained on the device. In some cases, the device periodically synchronizes with an enterprise policy server. The list of blocked domain names may be stored in a secure and encrypted location to avoid tampering by the end user.”… “providing a localized DNS VPN. Method 500 may be performed by a local VPN on the local device that is configured to perform DNS proxy services”). Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740. The examiner can normally be reached Monday-Friday 7-4 ET. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /TRANG T DOAN/Primary Examiner, Art Unit 2431