Prosecution Insights
Last updated: July 05, 2026
Application No. 18/651,801

Correlating Local Resolvers to Clients

Non-Final OA §103
Filed
May 01, 2024
Examiner
SUN, ANDREW NMN
Art Unit
Tech Center
Assignee
International Business Machines Corporation
OA Round
1 (Non-Final)
50%
Grant Probability
Moderate
1-2
OA Rounds
1y 3m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 50% of resolved cases
50%
Career Allowance Rate
4 granted / 8 resolved
-10.0% vs TC avg
Strong +100% interview lift
Without
With
+100.0%
Interview Lift
resolved cases with interview
Typical timeline
3y 6m
Avg Prosecution
28 currently pending
Career history
46
Total Applications
across all art units

Statute-Specific Performance

§103
100.0%
+60.0% vs TC avg
Black line = Tech Center average estimate • Based on career data from 8 resolved cases

Office Action

§103
DETAILED ACTION Claims 1-20 are pending. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claim Interpretation Claim 20 recites “A computer program product for correlating a local resolver to a client, the computer program product comprising: a set of one or more computer-readable storage media;” The Examiner is reading “computer-readable storage media” to be non-transitory, because the specification states, “Computer-readable storage media 1524 is a physical or tangible storage device used to store program instructions 1518 rather than a medium that propagates or transmits program instructions 1518. Computer-readable storage media 1524, as used herein, is not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire,” ¶ 0152. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-2, 9, 11-13, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Kommula (US 9015323 B2) in view of Liu (US 20230130232 A1), Jain (US 10936711 B2), and Zhang (IOrchestrator: Improving the Performance of Multi-node I/O Systems via Inter-Server Coordination). Regarding Claim 1, Kommula teaches a computer implemented method for correlating a local resolver to a client ( Kommula discloses, “The host name portion is first provided by the client to a local name resolver, which then queries a local DNS server to obtain a corresponding IP address. If a corresponding IP address is not locally cached at the time of the query, or if the "time-to-live" (TTL) of a corresponding IP address cached locally has expired, the DNS server then acts as a resolver and dispatches a recursive query to another DNS server. This process is repeated until an authoritative DNS server for the domain (e.g., foundrynet.com, in this example) is reached,” Col 1, Lines 34-43. The claimed “local resolver” is mapped to the disclosed “local DNS server”, which resolves the domain name.), the computer implemented method comprising: identifying, by a processor set, the local resolver requesting an address to access a resource from an authoritative domain name server ( Kommula discloses, “the host name portion of the URL needs to be resolved into an IP address of a server for that application program or resource. For example, the URL (e.g., http://www.foundrynet.com/index.htm) includes a host name portion www.foundrynet.com that needs to be resolved into an IP address. The host name portion is first provided by the client to a local name resolver, which then queries a local DNS server to obtain a corresponding IP address. If a corresponding IP address is not locally cached at the time of the query, or if the "time-to-live" (TTL) of a corresponding IP address cached locally has expired, the DNS server then acts as a resolver and dispatches a recursive query to another DNS server. This process is repeated until an authoritative DNS server for the domain (e.g., foundrynet.com, in this example) is reached,” Col 1, Lines 29-43. Here, the claimed “local resolver” (disclosed “local DNS server”) is identified. The local DNS server requests an address to access an IP address from the authoritative domain name server via a recursive query.); initiating, by the processor set, sending responses from the authoritative domain name server to the local resolver( Kommula discloses, “the host name portion of the URL needs to be resolved into an IP address of a server for that application program or resource. For example, the URL (e.g., http://www.foundrynet.com/index.htm) includes a host name portion www.foundrynet.com that needs to be resolved into an IP address. The host name portion is first provided by the client to a local name resolver, which then queries a local DNS server to obtain a corresponding IP address. If a corresponding IP address is not locally cached at the time of the query, or if the "time-to-live" (TTL) of a corresponding IP address cached locally has expired, the DNS server then acts as a resolver and dispatches a recursive query to another DNS server. This process is repeated until an authoritative DNS server for the domain (e.g., foundrynet.com, in this example) is reached. The authoritative DNS server returns one or more IP addresses, each corresponding to an address at which a server hosting the application ("host server") under the host name can be reached. These IP addresses are propagated back via the local DNS server to the original resolver,” Col 1, Lines 29-47. Here, the authoritative domain server responds with IP addresses of servers to the claimed “local resolver” (disclosed “local DNS server”). The local DNS server requests these IP addresses from the authoritative domain server beforehand, in order to access the servers associated with them); associating the local resolver with the client ( Kommula discloses, “Each DNS server caches the list of IP addresses received from the authoritative DNS server for responding to future queries regarding the same host name, until the TTL of the IP addresses expires.,” Col 1, Lines 50-53, and “a query is sent to local DNS server 30 to resolve the symbolic host name www.foundrynet.com to an IP address of a host server. The client program 28 receives from DNS server 30 a list of IP addresses corresponding to the resolved host name,” Col 3, Lines 61-65. Here, each DNS server, which includes the claimed “local resolver” mapped to “local DNS server”, is associated with the client, via the client’s host name, in order to respond to future queries from the client. The local DNS server sends the client a list of IP addresses corresponding to the resolved host name, further associating the local DNS server with the client.). Kommula does not teach determining, by the processor set, an access pattern defining servers for accessing the resource over time slices, wherein the servers are assigned to the time slices and wherein the servers are configured to record requests to access the resource received during the time slices; sending responses from the authoritative domain name server to the local resolver using the access pattern, wherein each response in the responses is assigned to a current time slice in the time slices; determining whether the requests to access the resource from the client recorded by the servers match the access pattern; and associating the local resolver with the client in response to the requests from the client matching the access pattern. However, Liu teaches determining whether the requests to access the resource from the client are likely trustworthy ( Liu discloses, ““In the example shown in FIG. 4, a DNS query 410 is communicated to a network such as to a DNS resolver. As an example, the DNS query 410 is communicated by a client (e.g., an infected or malicious client, a benign or secure client, etc.). A detector 420 receives the DNS query 410 and determines whether the DNS query corresponds to suspicious or malicious traffic… In some embodiments, detector determines whether the DNS query 410 corresponds to untrusted traffic or trusted traffic based at least in part on an analysis of the DNS query 410 and/or the client from which the DNS query is received,” ¶ 0059. Here, the detector 420 receives the DNS query 410 that is communicated to a DNS resolver. The detector can analyze the DNS query and/or the client from which the DNS query is received, in order to identify said resolver of the DNS query in order to determine whether the DNS query corresponds to untrusted or trusted traffic.); and associating the local resolver with the client in response to the requests from the client being likely trustworthy ( Liu discloses, “In response to detector 420 determining that the DNS query 410 corresponds to trusted traffic, a query is sent to legacy cache 440 to obtain predicted address information for the domain comprised in the DNS query 410… a query is sent to an aDNS for address information corresponding to the domain, and in response to receiving the address information from the aDNS, the address information is returned as target address information that is responsive to the DNS query 410,” ¶ 0061. After the combination of Kommula with Liu, the claimed “local resolver”, mapped to local DNS server from Kommula, is associated with the client in response to the requests from the client being benign, as specified by Liu.). Kommula and Liu are both considered to be analogous to the claimed invention because they are in the same field of computer networks. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kommula to incorporate the teachings of Liu and provide identifying, by a processor set, the local resolver requesting an address to access a resource from an authoritative domain name server; determining whether the requests to access the resource from the client are likely trustworthy; and associating the local resolver with the client in response to the requests from the client being likely trustworthy. Doing so would help provide prevent malicious traffic or requests from being sent to authoritative DNS servers. (Liu discloses, “The system improves the handling of DNS traffic (e.g., response to DNS traffic) by preventing (or improving prevention of) malicious traffic from being sent to authoritative nameservers in connection with responding to the DNS traffic,” ¶ 0021.). Kommula in view of Liu does not teach determining, by the processor set, an access pattern defining servers for accessing the resource over time slices, wherein the servers are assigned to the time slices and wherein the servers are configured to record requests to access the resource received during the time slices; sending responses from the authoritative domain name server to the local resolver using the access pattern that indicates likely trustworthiness, wherein each response in the responses is assigned to a current time slice in the time slices; determining whether the requests to access the resource from the client recorded by the servers match the access pattern that indicates likely trustworthiness; and associating the local resolver with the client in response to the requests from the client matching the access pattern. However, Jain teaches determining whether the requests to access the resource from the client recorded by the servers match the access pattern that indicates likely trustworthiness; and associating the local resolver with the client in response to the requests from the client matching the access pattern ( Jain discloses, “one or more backend systems, such as backend servers or other hardware used to process data and implement the application in the production environment,” Col 8, Lines 8-11, and “In one embodiment, the policy rules data 144 includes rules related to previously observed access patterns of the user. … The data management system 106 can observe and record the usage patterns of the users and can update the policy rules data 144 to include rules that specify that future access utilizing the access token data 134 must fall within previously identified usage patterns of the user. If an access request utilizing access token data 134 falls outside of the observed usage patterns in the user, then the policy rules data 144 can indicate that the access authorization system 104 should deny the user access to the secured data 148 and the services of the data management system 106,” Col 17, Lines 66-67 and Col 18, Lines 1-18. Here, the data management system records the usage patterns of a user to form an access pattern. If another user does not match the access pattern, then access is denied to that user. Otherwise, if the access pattern is matched, then access is granted. The data management system is part of a backend system such as a backend server. After the combination of Kommula in view of Liu, with Jain, requests to access the resource from the client, are recorded by servers, as specified by Jain. Furthermore, the requests are determined on whether they match the access pattern, and if so, the local DNS server from Kommula is associated with the client; otherwise, the local DNS server is denied association with the client.). Kommula in view of Liu, and Jain are both considered to be analogous to the claimed invention because they are in the same field of computer security. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kommula in view of Liu to incorporate the teachings of Jain and provide determining whether the requests to access the resource from the client recorded by the servers match the access pattern; and associating the local resolver with the client in response to the requests from the client matching the access pattern. Doing so would help improve security to avoid malicious access from external clients/users (Jain discloses, “In this way, if a fraudster obtains access token data 134 and attempts to access the data management system 106 on a day or at a time of day that falls outside the established usage pattern of the user, then the access authorization system 104 will deny the access request,” Col 18, Lines 18-23.). Kommula in view of Liu and Jain does not teach determining, by the processor set, an access pattern defining servers for accessing the resource over time slices, wherein the servers are assigned to the time slices and wherein the servers are configured to record requests to access the resource received during the time slices; sending responses from the authoritative domain name server to the local resolver using the access pattern, wherein each response in the responses is assigned to a current time slice in the time slices. However, Zhang teaches determining, by the processor set, an access pattern defining servers for accessing the resource over time slices, wherein the servers are assigned to the time slices and wherein the servers are configured to record requests to access the resource received during the time slices ( Zhang discloses, “By orchestrating requests’ service on different data servers IOrchestrator can better exploit the locality, resulting in higher I/O throughput,” Page 3, and “While the spatial locality of a sequential program is solely a property of the program, reflecting its intrinsic access patterns, the spatial locality observed at each data server for a parallel program with a multi-node storage system is additionally determined by how processes run on the compute node and how file data are striped over data servers. In addition, it is the spatial locality of all the programs in the system that collectively determines the I/O efficiency of a data server. We denote the spatial locality observed at data server i for program j as SLij and the spatial locality observed at data server i for all programs as SLi. For a particular program j running together with other programs, SLij may not be significant in determining the program’s I/O efficiency unless it is given a dedicated time slice to access the data server,” Page 4, and “The locality daemon at each data server, obtaining request LBAs from the instrumented kernel, collects the various measurements and calculates these statistics. Among them, SLi(k), SeekTimei(k), and SLij(k) for any program j are periodically sent to the orchestrator daemon at the metadata server. RDij(k) is only reported for the program that is receiving dedicated service,” Page 5. Here, an access pattern is defined for connection between a resource (program) and different data servers. A resource can be given a dedicated time slice for communication with one data server and another dedicated time slice for communication with another data server. The locality daemon at each data server collects information regarding communication between the data server and the resource.) sending responses from the authoritative domain name server to the local resolver using the access pattern, wherein each response in the responses is assigned to a current time slice in the time slices ( Zhang discloses, “A parallel file system allows requests from a program running on the compute nodes to be served by multiple data servers in parallel,” Page 1, and “There are two conditions for a time slice to be dedicated to a program j at data server i to be cost effective. Thefirst condition is that SLij be substantially stronger than SLi (a smaller value indicates a stronger locality; quantitative definitions are given below). The second condition is that the reuse distance of program j at data server i, denoted by RDij, is sufficiently small relative to a given SLi. The first condition ensures that efficiency can be improved by dedicating a time slice of the data server to the program,” Pages 4-5. Here, the access pattern is defined so that each time slice dedicates a data server of the multiple data servers to the program (resource), so that data is communicated between the program and the data server for each time slice. After the combination of Kommula in view of Liu and Jain, with Zhang, said access pattern is used to send responses from Kommula’s authoritative domain name server to Kommula’s local DNS resolver, as this is also data communication between a resource and a data server.) Kommula in view of Liu and Jain, and Zhang are both considered to be analogous to the claimed invention because they are in the same field of computer networks. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kommula in view of Liu and Jain to incorporate the teachings of Zhang and provide determining, by the processor set, an access pattern defining servers for accessing the resource over time slices, wherein the servers are assigned to the time slices and wherein the servers are configured to record requests to access the resource received during the time slices; and sending responses from the authoritative domain name server to the local resolver using the access pattern, wherein each response in the responses is assigned to a current time slice in the time slices. Doing so would help provide increased reliability in case one data server is down, so that the other data servers can remain functional (Zhang discloses, “A parallel file system allows requests from a program running on the compute nodes to be served by multiple data servers in parallel,” Page 1.). Claims 12 and 20 are a computer system claim and a computer program product claim, respectively, corresponding to the computer implemented method Claim 1. Therefore, Claims 12 and 20 are rejected for the same reason set forth in the rejection of Claim 1. Regarding Claim 2, Kommula in view of Liu, Jain, and Zhang teaches the computer implemented method of claim 1, further comprising: performing, by the processor set, a number of actions in response to associating the local resolver with the client ( Kommula discloses, “These IP addresses are propagated back via the local DNS server to the original resolver. The application at the client then uses one of the IP addresses to establish a TCP connection with the corresponding host server. Each DNS server caches the list of IP addresses received from the authoritative DNS server for responding to future queries regarding the same host name, until the TTL of the IP addresses expires,” Col 1, Lines 46-53. Here, after the local DNS server is associated with the client, the client’s application establishes a TCP connection with the host server associated with the IP address received from the local DNS server. The local DNS server also caches the list of IP address received from the authoritative DNS server for responding to future queries regarding the same host name.). Claim 13 is a computer system claim corresponding to the computer implemented method Claim 2. Therefore, Claim 13 is rejected for the same reason set forth in the rejection of Claim 2. Regarding Claim 9, Kommula in view of Liu, Jain, and Zhang teaches the computer implemented method of claim 1, wherein the access pattern comprises a resource identifier, server addresses, and time slices assigned to the servers ( Zhang discloses, “At the compute nodes, when a new MPI program is launched and its member processes are spawned, IOrchestrator sends unique identifiers for the running program (job in MPI) and its processes to the pf daemon,” Page 4, “There are two conditions for a time slice to be dedicated to a program j at data server i to be cost effective. The first condition is that SLij be substantially stronger than SLi (a smaller value indicates a stronger locality; quantitative definitions are given below). The second condition is that the reuse distance of program j at data server i, denoted by RDij, is sufficiently small relative to a given SLi. The first condition ensures that efficiency can be improved by dedicating a time slice of the data server to the program,” Pages 4-5, “To evaluate the performance of IOrchestrator, we set up a cluster consisting of six compute nodes, six data servers, and one dedicated metadata server for the PVFS2 file system. All nodes were of identical configuration, each with dual 1.6GHz Pentium processors, 1GB memory, and a SATA disk (Seagate Barracuda 7200.10, 150GB) with NCQ enabled. Each node ran Linux 2.6.21 with CFQ (the default Linux disk scheduler), and used GNU libc 2.6. The PVFS2 parallel file system version 2.8.1 was installed. We used MPICH2-1.1.1, compiled with ROMIO, to generate executables for MPI programs. All nodes were interconnected with a switched Gigabit Ethernet network,” Page 6. Here, the data server is assigned to a time slice. The data server includes an address for external access, and the program, that the data server communicates with, also includes an identifier.). Kommula in view of Liu and Jain, and Zhang are both considered to be analogous to the claimed invention because they are in the same field of computer networks. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kommula in view of Liu and Jain to incorporate the teachings of Zhang and provide wherein the access pattern comprises a resource identifier, server addresses, and time slices assigned to the servers. Doing so would help provide increased reliability in case one data server is down, so that the other data servers identified can remain functional and assigned to the resource (Zhang discloses, “A parallel file system allows requests from a program running on the compute nodes to be served by multiple data servers in parallel,” Page 1.). Regarding Claim 11, Kommula in view of Liu, Jain, and Zhang teaches the computer implemented method of claim 1, wherein the resource is selected from a group comprising an application, a website, a web application, a database, and a service ( Kommula discloses, “Under the TCP/IP protocol, when a client provides a symbolic name ("URL") to request access to an application program or another type of resource, the host name portion of the URL needs to be resolved into an IP address of a server for that application program or resource. For example, the URL (e.g., http://www.foundrynet.com/index.htm) includes a host name portion www.foundrynet.com that needs to be resolved into an IP address,” Col 1, Lines 27-34. Here, a resource can be selected from an application program or website, as indicated by the host name portion of a URL, which is resolved into an IP address.). Claims 3 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Kommula (US 9015323 B2) in view of Liu (US 20230130232 A1), Jain (US 10936711 B2), Zhang (IOrchestrator: Improving the Performance of Multi-node I/O Systems via Inter-Server Coordination), and Karasaridis (US 20200195669 A1). Regarding Claim 3, Kommula in view of Liu, Jain and Zhang teaches the computer implemented method of claim 2. Kommula in view of Liu, Jain and Zhang does not teach wherein the number of actions is selected from at least one of assigning a reputation rating to the local resolver; ignoring an address request for the address to the resource received from the local resolver; or sending a response from the authoritative domain name server to the local resolver that directs an access request for the resource to a honey pot. However, Karasaridis teaches wherein the number of actions is selected from at least one of assigning a reputation rating to the local resolver; ignoring an address request for the address to the resource received from the local resolver; or sending a response from the authoritative domain name server to the local resolver that directs an access request for the resource to a honey pot ( Karasaridis discloses, “In one example, where the anomalous DNS traffic is identified via machine learning as being of a particular type, the contribution or ‘count’ of the detection of the anomalous DNS traffic to the status/reputation score may be different. For instance, if the DNS traffic records indicate a malicious DNS resolver, the contribution to the reputation/status may be (−10). On the other hand, if a DNS resolver is detected as being a source of DNS queries associated with a DDoS attack involving one or more clients of the DNS resolver, the contribution to the reputation/status may be (−5),” ¶ 0026. Here, the action of assigning a reputation score to a DNS resolver is performed. After the combination of Kommula in view of Liu, Jain, and Zhang, with Karasaridis, the action of assigning a reputation score to the DNS resolver from Kommula is performed in response to the DNS resolver being associated with the client from Kommula). Kommula in view of Liu, Jain, and Zhang, and Karasaridis are both considered to be analogous to the claimed invention because they are in the same field of computer networking. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kommula in view of Liu, Jain, and Zhang to incorporate the teachings of Karasaridis and provide wherein the number of actions is selected from at least one of assigning a reputation rating to the local resolver; ignoring an address request for the address to the resource received from the local resolver; or sending a response from the authoritative domain name server to the local resolver that directs an access request for the resource to a honey pot. Doing so would help provide increased security for internet communication using DNS (Karasaridis discloses, “In one example, the present disclosure may further include providing reputation scores/statuses to DNS resolvers as a way to protect emerging cloud technologies such as DNS over HTTP,” ¶ 0028.). Claim 14 is a computer system claim corresponding to the computer implemented method Claim 3. Therefore, Claim 14 is rejected for the same reason set forth in the rejection of Claim 3. Claims 4 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Kommula (US 9015323 B2) in view of Liu (US 20230130232 A1), Jain (US 10936711 B2), Zhang (IOrchestrator: Improving the Performance of Multi-node I/O Systems via Inter-Server Coordination), and St. Pierre (US 20210160283 A1). Regarding Claim 4, Kommula in view of Liu, Jain, and Zhang teaches the computer implemented method of claim 1. Kommula in view of Liu, Jain, and Zhang does not teach wherein identifying, by the processor set, the local resolver comprises: determining, by the processor set, whether the local resolver meets a policy for enabling pattern matching analysis using access patterns. However, St. Pierre teaches wherein identifying, by the processor set, the local resolver comprises: determining, by the processor set, whether the local resolver meets a policy for enabling pattern matching analysis using access patterns ( St. Pierre discloses, “where this pair constitutes a connection pair; compare the packet to a plurality of patterns and/or compare a source or destination address of the packet to known malicious addresses; upon determining that the packet matches a pattern of the plurality of patterns or the source or destination address of the packet matches a known malicious address of the known malicious addresses, deploy a honeypot in a container for the pattern matching the packet, if not yet deployed; and forward all network traffic for the connection pair to the honeypot,” Claim 1. Here, if a packet or its source/destination address is determined to meet a policy/criteria such as being on a watchlist, it is determined to meet a requirement for a honeypot due to the address being deemed suspicious. This aligns with paragraphs 59 and 60 of the present application’s specification, which state “correlator 214 can determine whether local resolver 222 meets policy 231 for enabling pattern matching analysis 230. In this illustrative example, policy 231 is a number of rules. Policy 231 can also include information or data used to apply the rules. This policy can be used to select local resolver 222 for pattern matching analysis 230,” and “The rules and policy 231 can be used to enable this analysis for specific organizational needs. For example, policy 231 can include a static domain watchlist, a dynamic domain watchlist, a presence of a redirect or multi-redirect for specific codes, a presence of an uncached DNS resolver response, a local resolver in a specific location of a network, a local resolver for a critical location network, a local resolver associated with a presence of malicious activity, a local resolver associated with the security breach in the network, or other suitable factors that can be used to generate rules for enabling pattern matching analysis 230.” This means that the claimed resolver has pattern matching analysis enabled for it if it is deemed to be suspicious. After the combination of Kommula in view of Liu, Jain, and Zhang, with St. Pierre, if the local DNS server from Kommula is deemed to be a policy/criteria such as being on a watchlist, as specified by St. Pierre, it is determined to meet the policy for pattern matching analysis due to being suspicious, and pattern matching analysis is therefore enabled for it.). Kommula in view of Liu, Jain, and Zhang, and St. Pierre are all considered to be analogous to the claimed invention because they are in the same field of computer security. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kommula in view of Liu, Jain, and Zhang to incorporate the teachings of St. Pierre and provide wherein identifying, by the processor set, the local resolver comprises: determining, by the processor set, whether the local resolver meets a policy for enabling pattern matching analysis using access patterns. Doing so would help improve security to avoid malicious access from external clients/users (St. Pierre discloses, “upon determining that the packet matches a pattern of the plurality of patterns or the source or destination address of the packet matches a known malicious address of the known malicious addresses, deploy a honeypot in a container for the pattern matching the packet, if not yet deployed; and forward all network traffic for the connection pair to the honeypot,” Claim 1.). Claim 15 is a computer system claim corresponding to the computer implemented method Claim 4. Therefore, Claim 15 is rejected for the same reason set forth in the rejection of Claim 4. Claims 5 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Kommula (US 9015323 B2) in view of Liu (US 20230130232 A1), Jain (US 10936711 B2), Zhang (IOrchestrator: Improving the Performance of Multi-node I/O Systems via Inter-Server Coordination), and Reischmann (US 20230409411 A1). Regarding Claim 5, Kommula in view of Liu, Jain, and Zhang teaches the computer implemented method of claim 1. Kommula in view of Liu, Jain, and Zhang does not teach wherein determining, by the processor set, the access pattern comprises: selecting, by the processor set, the access pattern from a collection of access patterns, wherein each pattern in the collection is unique from other access patterns in the collection. However, Reischmann teaches wherein determining, by the processor set, the access pattern comprises: selecting, by the processor set, the access pattern from a collection of access patterns, wherein each pattern in the collection is unique from other access patterns in the collection ( Reischmann discloses, “For example, the assignment 208 can be provided as a data set that identifies a pattern 202 using a unique identifier that uniquely identifies the pattern 202 among a set of patterns, and that identifies one or more systems 222 and/or one or more groups 220 by respective unique identifiers that uniquely identify each system 222 or group 220,” ¶ 0029. The claimed “collection of access patterns” is mapped to the disclosed “set of patterns” that a pattern is identified/selected from, wherein each pattern in this set is distinguished from other patterns using a unique identifier. After the combination of Kommula in view of Liu, Jain, and Zhang, with Reischmann, different access patterns can be identified/selected for different DNS resolvers or their clients, from a set of access patterns using a unique identifier, as specified by Reischmann.). Kommula in view of Liu, Jain, and Zhang, and Reischmann are both considered to be analogous to the claimed invention because they are in the same field of computer networks. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kommula in view of Liu, Jain, and Zhang to incorporate the teachings of Reischmann and provide wherein determining, by the processor set, the access pattern comprises: selecting, by the processor set, the access pattern from a collection of access patterns, wherein each pattern in the collection is unique from other access patterns in the collection. Doing so would help allow for using a variety of different patterns for the time slices, depending on the scheduling of the servers (Reischmann discloses, “generating a pattern for each timeseries to provide a set of patterns based on data of the set of timeseries, combining patterns of the set of patterns to define a pattern, the pattern representing a schedule of instances over a period of time, and executing, by an instance manager, scaling of the system based on the pattern to selectively scale one or more of instances of the system and controllable resources based on scaling factors of the pattern,” ¶ 0004.). Claim 16 is a computer system claim corresponding to the computer implemented method Claim 5. Therefore, Claim 16 is rejected for the same reason set forth in the rejection of Claim 5. Claims 6 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Kommula (US 9015323 B2) in view of Liu (US 20230130232 A1), Jain (US 10936711 B2), Zhang (IOrchestrator: Improving the Performance of Multi-node I/O Systems via Inter-Server Coordination), and Yalamanchi (US 20110022636 A1). Regarding Claim 6, Kommula in view of Liu, Jain, and Zhang teaches the computer implemented method of claim 1. Kommula in view of Liu, Jain, and Zhang does not teach wherein determining, by the processor set, the access pattern comprises: generating, by the processor set, the access pattern using an access pattern policy defining access pattern generation. However, Yalamanchi teaches wherein determining, by the processor set, the access pattern comprises: generating, by the processor set, the access pattern using an access pattern policy defining access pattern generation ( Yalamanchi discloses, “To enforce any restrictions on the DML operation, the DML operation restriction enforcement logic 610 communicates with a security policy logic 620. The security policy logic 620 generates data access constraints expressed as match pattern and apply pattern pairs, where each match pattern identifies some resources, and where an associated apply pattern specifies a sub-graph describing an access constraint associated with the resources.,” ¶ 0061. Here, an access pattern is generated using an access pattern policy (disclosed “security policy logic”, which defines access pattern generation in the form of disclosed “data access constraints”). After the combination of Kommula in view of Liu, Jain, and Zhang, with Yalamanchi, the access pattern for the DNS resolver/client with regards to accessing the resource, from Kommula in view of Liu, Jain, and Zhang, is generated using policy rules as specified by Yalamanchi.). Kommula in view of Liu, Jain, and Zhang, and Yalamanchi are both considered to be analogous to the claimed invention because they are in the same field of computer security. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kommula in view of Liu, Jain, and Zhang to incorporate the teachings of Sharifi Mehr and provide wherein determining, by the processor set, the access pattern comprises: generating, by the processor set, the access pattern using an access pattern policy defining access pattern generation. Doing so would help improve security to avoid vulnerabilities (Yalamanchi discloses, “To enforce any restrictions on the DML operation, the DML operation restriction enforcement logic 610 communicates with a security policy logic 620,” ¶ 0061.). Claim 17 is a computer system claim corresponding to the computer implemented method Claim 6. Therefore, Claim 17 is rejected for the same reason set forth in the rejection of Claim 6. Claims 7 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Kommula (US 9015323 B2) in view of Liu (US 20230130232 A1), Jain (US 10936711 B2), Zhang (IOrchestrator: Improving the Performance of Multi-node I/O Systems via Inter-Server Coordination), Pyke (CN 112559168 B), and Manadhata (US 20170163670 A1). Regarding Claim 7, Kommula in view of Liu, Jain, and Zhang teaches the computer implemented method of claim 1. Kommula in view of Liu, Jain, and Zhang does not teach wherein the access pattern is a binary pattern in which the servers are special servers that are part of a first cohort assigned to a first number of the time slices in which the requests to access the resource is recorded and wherein normal servers are a second cohort assigned a second number of the time slices in which the requests to access the resource are not recorded. However, Pyke teaches wherein the access pattern is a binary pattern in which the servers are special servers that are part of a first cohort assigned to a first number of the time slices ( Pyke discloses, “monitoring a first plurality of sessions on the first server group and a second plurality of sessions on the second server group; determining a first plurality of durations of the first plurality of sessions based on monitoring of the first plurality of sessions, and determining a second plurality of durations of the second plurality of sessions based on monitoring of the second plurality of sessions,” Abstract. Here, there is a first cohort (mapped to disclosed “first server group”) of which a first plurality of sessions are assigned to a first number of time slices (mapped to disclosed “first plurality of durations”), and a second cohort (mapped to disclosed “second server group”) of which a second plurality of sessions are assigned to a second number of time slices (mapped to disclosed “second plurality of durations”). This forms a binary pattern consisting of two groups of time slices. After the combination of Kommula in view of Liu, Jain, and Zhang, with Pyke, each server from Kommula in view of Liu, Jain, and Zhang, is either assigned to a first cohort and assigned a time slice of the first number of time slices, or assigned to a second cohort and assigned a time slice of the second number of time slices, as specified by Pyke.). Kommula in view of Liu, Jain, and Zhang, and Pyke are both considered to be analogous to the claimed invention because they are in the same field of computer security. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kommula in view of Liu, Jain, and Zhang to incorporate the teachings of Pyke and provide wherein the access pattern is a binary pattern in which the servers are special servers that are part of a first cohort assigned to a first number of the time slices and wherein normal servers are a second cohort assigned a second number of the time slices. Doing so would help provide allow for increased security and prevent malicious access to data (Pyke discloses, “The present disclosure relates to a system platform that prevents hackers from obtaining access to a backend data set and prevents continuous access to any data set. More specifically, the invention can stop updating the access to the unauthorized resource to obtain a solution with higher security,” Page 5.). Kommula in view of Liu, Jain, Zhang, and Pyke does not teach the first number of the time slices in which the requests to access the resource is recorded, and the second number of the time slices in which the requests to access the resource are not recorded. However, Manadhata teaches the first number of the time slices in which the requests to access the resource is recorded, and the second number of the time slices in which the requests to access the resource are not recorded ( Manadhata discloses, “Consequently, most DNS servers disable logging. Additionally, even when logging is enabled, some logging techniques may only log DNS queries, when DNS responses may also be useful for detecting and analyzing security events,” ¶ 0009. Here, logging is either enabled or disabled for a DNS server. Logging can include logging requests for resource access. After the combination of Kommula in view of Liu, Jain, Zhang, and Pyke, with Manadhata, the first number of time slices from Pyke, is modified to enable recording of resource access, while the second number of time slices from Pyke, is modified to disable recording of resource access, as specified by Manadhata.). Kommula in view of Liu, Jain, Zhang, and Pyke, and Manadhata are both considered to be analogous to the claimed invention because they are in the same field of computer networking. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kommula in view of Liu, Jain, Zhang, and Pyke to incorporate the teachings of Manadhata and provide the first number of the time slices in which the requests to access the resource is recorded, and the second number of the time slices in which the requests to access the resource are not recorded. Doing so would help provide allow for increased efficiency by only recording a fraction of the total number of servers (Manadhata discloses, “Consequently, most DNS servers disable logging. Additionally, even when logging is enabled, some logging techniques may only log DNS queries, when DNS responses may also be useful for detecting and analyzing security events,” ¶ 0009.). Claim 18 is a computer system claim corresponding to the computer implemented method Claim 7. Therefore, Claim 18 is rejected for the same reason set forth in the rejection of Claim 7. Claims 8 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Kommula (US 9015323 B2) in view of Liu (US 20230130232 A1), Jain (US 10936711 B2), Zhang (IOrchestrator: Improving the Performance of Multi-node I/O Systems via Inter-Server Coordination), and Pyke (CN 112559168 B). Regarding Claim 8, Kommula in view of Liu, Jain, and Zhang teaches the computer implemented method of claim 1. Kommula in view of Liu, Jain and Zhang does not teach wherein the access pattern is a dimensional pattern in which a first number of the servers in a first cohort are assigned to a first number of the time slices and a second number of the servers in a second cohort are assigned to a second number of the time slices. However, Pyke teaches wherein the access pattern is a dimensional pattern in which a first number of the servers in a first cohort are assigned to a first number of the time slices and a second number of the servers in a second cohort are assigned to a second number of the time slices ( Pyke discloses, “monitoring a first plurality of sessions on the first server group and a second plurality of sessions on the second server group; determining a first plurality of durations of the first plurality of sessions based on monitoring of the first plurality of sessions, and determining a second plurality of durations of the second plurality of sessions based on monitoring of the second plurality of sessions,” Abstract. Here, there is a first cohort (mapped to disclosed “first server group”) of which a first plurality of sessions are assigned to a first number of time slices (mapped to disclosed “first plurality of durations”), and a second cohort (mapped to disclosed “second server group”) of which a second plurality of sessions are assigned to a second number of time slices (mapped to disclosed “second plurality of durations”). This forms a dimensional pattern consisting of two groups of time slices, where the number of dimensions is 2. After the combination of Kommula in view of Liu, Jain, and Zhang, with Pyke, each server from Kommula in view of Liu, Jain, and Zhang, is either assigned to a first cohort and assigned a time slice of the first number of time slices, or assigned to a second cohort and assigned a time slice of the second number of time slices, as specified by Pyke.). Kommula in view of Liu, Jain, and Zhang, and Pyke are both considered to be analogous to the claimed invention because they are in the same field of computer security. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kommula in view of Liu, Jain, and Zhang to incorporate the teachings of Pyke and provide wherein the access pattern is a dimensional pattern in which a first number of the servers in a first cohort are assigned to a first number of the time slices and a second number of the servers in a second cohort are assigned to a second number of the time slices. Doing so would help provide allow for increased security and prevent malicious access to data (Pyke discloses, “The present disclosure relates to a system platform that prevents hackers from obtaining access to a backend data set and prevents continuous access to any data set. More specifically, the invention can stop updating the access to the unauthorized resource to obtain a solution with higher security,” Page 5.). Claim 19 is a computer system claim corresponding to the computer implemented method Claim 8. Therefore, Claim 19 is rejected for the same reason set forth in the rejection of Claim 8. Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Kommula (US 9015323 B2) in view of Liu (US 20230130232 A1), Jain (US 10936711 B2), Zhang (IOrchestrator: Improving the Performance of Multi-node I/O Systems via Inter-Server Coordination), and Sofer (US 20240291864 A1). Regarding Claim 10, Kommula in view of Liu, Jain, and Zhang teaches the computer implemented method of claim 1. Kommula in view of Liu, Jain, and Zhang does not teach wherein the address is selected from a group comprising an internet protocol address and a media access control address. However, Sofer teaches wherein the address is selected from a group comprising an internet protocol address and a media access control address ( Sofer discloses, “In some embodiments, the attributes comprise connection attributes selected from the group consisting of: User ID, source program, client Internet Protocol (IP) address, server IP, domain name, Uniform Resource Locater (URL), Uniform Resource Identifier (URI), Unique IDentifier (UID), Media Access Control (MAC) address…,” ¶ 0013.). Kommula in view of Liu, Jain, and Zhang, and Sofer are both considered to be analogous to the claimed invention because they are in the same field of computer networking. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Kommula in view of Liu, Jain, and Zhang to incorporate the teachings of Sofer and provide wherein the address is selected from a group comprising an internet protocol address and a media access control address. Doing so would help provide increased flexibility in choosing different types of addresses for configuring access to (Sofer discloses, “In some embodiments, the attributes comprise connection attributes selected from the group consisting of: User ID, source program, client Internet Protocol (IP) address, server IP, domain name, Uniform Resource Locater (URL), Uniform Resource Identifier (URI), Unique IDentifier (UID), Media Access Control (MAC) address…,” ¶ 0013.). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Baughman (US 10212123 B2): Trustworthiness-verifying DNS Server For Name Resolution Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANDREW SUN whose telephone number is (571)272-6735. The examiner can normally be reached Monday-Friday 8:00-5:00. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Aimee Li can be reached at (571) 272-4169. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /ANDREW NMN SUN/Examiner, Art Unit 2195 /Aimee Li/Supervisory Patent Examiner, Art Unit 2195
Read full office action

Prosecution Timeline

May 01, 2024
Application Filed
Jun 24, 2026
Non-Final Rejection mailed — §103
Jun 24, 2026
Interview Requested
Jun 30, 2026
Applicant Interview (Telephonic)
Jun 30, 2026
Examiner Interview Summary

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12669997
Schedulable Asynchronous Methods with Semi-Reactive Completion Stages
3y 11m to grant Granted Jun 30, 2026
Patent 12632312
AUTOMATIC RESOURCE QUOTA CALCULATIONS BASED ON TENANT WORKLOADS
4y 5m to grant Granted May 19, 2026
Patent 12625734
HIGH AVAILABILITY SCHEDULER EVENT TRACKING
4y 4m to grant Granted May 12, 2026
Study what changed to get past this examiner. Based on 3 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
50%
Grant Probability
99%
With Interview (+100.0%)
3y 6m (~1y 3m remaining)
Median Time to Grant
Low
PTA Risk
Based on 8 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month