Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1-19 are pending.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1, 10 and 11 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being incomplete for omitting essential steps, such omission amounting to a gap between the steps. See MPEP § 2172.01.
Claim 1, for example, includes “...sending a response to a first source Internet protocol (IP) address...”. The claim recites “sending a response” without receiving a request. As a result, it is not clear what caused the response to be sent, what was requested if there was a request, or whether the response to a first source IP address is caused by a request from the first source IP address.
As such, the claim omits essential steps (i.e., receiving a request for...), such omission amounting to a gap between the steps.
Independent claims 10 and 11 include similar limitations and are rejected under 35 U.S.C. 112(b) as being incomplete for omitting essential steps.
Regarding dependent claims 2-9 and 12-19, they are dependent on the rejected independent claims, and thus inherit those rejections.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-19 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
The claims, when analyzed under the 2019 Revised Patent Subject Matter Eligibility Guidance, are directed to an abstract idea. Claim 1, for example, recites a method and, therefore, is a process.
The claim recites the limitation of “...sending a response to a first source...determining receipt of a return query...determining a second token...by executing a function...and validating the return query by comparing the first token and the determined second token”. These limitations, under the broadest reasonable interpretation, are directed to performance of the limitation in the human mind. That is, nothing in the claim element precludes the step from practically being performed in the mind. For example, the claim encompasses a human simply sending on a piece of paper a response including a written edited/modified domain name to a first entity/person, receiving from a second entity/person a return query, determining/generating a second token by implementing a function on a piece of paper, and validating the return query by simply comparing the second token with the first token. The steps of determining a second token by using a function and validating the return query, by simply comparing the second token with a first token, are a mental process. Thus, the claim recites a mental process when analyzed under step 2A, prong 1.
The claim is further analyzed in step 2A, prong 2, to evaluate whether the claim as a whole integrates the recited judicial exception into a practical application of the exception. This evaluation is performed by identifying whether there are any additional elements recited in the claim beyond the judicial exception, and evaluating those additional elements individually and in combination to determine whether the claim as a whole integrates the exception into a practical application. However, each of the remaining limitations (sending a response to a first source Internet protocol (IP) address including a modified domain name, receiving a return query from a second source IP address) is recited at a high level of generality (i.e., as a general means of collecting a modified domain name), and amounts to mere data gathering, which is a form of insignificant extra-solution activity. Each of the additional limitations is no more than a mere instruction to apply the exception using a generic computer component. The combination of these additional elements is no more than generic computer functions. Thus, even in combination, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limitations on practicing the abstract idea.
The claim is additionally analyzed under step 2B to evaluate whether the claim as a whole amounts to significantly more than the recited exception, i.e., whether any additional element, or combination of additional elements, adds an inventive concept to the claim. When the claims are evaluated under step 2B, they amount to no more than what is well-understood, routine, conventional activity in the field. The specification does not provide any indication of anything other than a generic computer component. The mere sending of a response to a first source...determining receipt of a return query...determining a second token...and validating the return query by comparing the first token and the determined second token is a well-understood, routine and conventional function when it is claimed in a merely generic manner as it is here.
Independent claims 10 and 11 include limitations similar to the limitations of claim 1 and are rejected under 35 U.S.C. 101 as being directed to an abstract idea for the same reasons discussed above with respect to claim 1.
Dependent claims 2-9 and 12-19 do not cure the deficiency of the independent claims and are directed to an abstract idea when analyzed under the 2019 Revised Patent Subject Matter Eligibility Guidance.
Information Disclosure Statement PTO-1449
The Information Disclosure Statement submitted by applicant on 05-29-2024 has been considered. Please see attached PTO-1449.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 2, 7, 8, 10-12, 17 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Tzakikario et al. (US Patent No. 7,620,733), hereinafter Tzakikario, in view of Kulkarni et al. (US Patent No. 8,671,444), hereinafter Kulkarni.
As per claims 1, 10 and 11, Tzakikario discloses a method for defending a domain name system (DNS) name server from malicious attacks using a DNS challenge (column 2, lines 24-28, “embodiments of the present invention provide methods and system for DNS authentication ...[t]he authentication, methods described herein comprises a ‘challenge-response’ exchange messages..”), comprising: sending a response to a first source Internet protocol (IP) address (column 3, lines 58-60, “guard processor 34, sends, via network interface 32, a DNS response to the unauthenticated source address”), wherein the response has a modified domain name (column 4, lines 1-5, “[t]he DNS response sent by the guard in response to this request has the form ‘example.CNAME cookie.example.com.guard-as.com’”) that includes a first token (column 5, lines 35-36, “the canonical name comprising an encoded ‘cookie,’ i.e., a secret value”), the first source IP address (column 5, line 47, “Source IP address”), and an original domain name (column 3, line 66-column 4, line 3, example.com); determining receipt of a return query for the modified domain name (column 6, lines 1-3 and 15-18, “[h]aving sent the DNS response, the guard device checks whether the unauthenticated source address sends a second DNS request, at a response checking step 54”...“[t]he second DNS request should contain a query for a domain name of the form cookie.mail.example.com.guard-as.com”); upon receipt of the return query, determining a second token for the return query by executing a function with respect to the first source IP address in the modified domain name (column 6, lines 17-21, “[u]pon receiving the second DNS request, having the form cookie.anyDNSname.guard-as.com, the guard decodes the "cookie" string extracted from the second request and checks whether the cookie comprises the correct information, at a cookie verification step”; the second token is determined by decoding the cookie); and
validating the return query by comparing the first token and the determined second token, wherein the first token is extracted from the modified domain name of the return query (column 6, lines 32-35, “If the decoded cookie in the second DNS request does not match the cookie sent in the DNS response, the method reverts to spoof declaration step 56, concluding that the unauthenticated source address is spoofed”).
Tzakikario does not explicitly disclose wherein the return query is received from a second source IP address. However, in an analogous art, Kulkarni discloses that the return query is received from a second source IP address (column 7, lines 22-24, “The user takes the token value and uses a second channel where they enter the token value and a second authentication parameter”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Tzakikario and Kulkarni. This would have been obvious because one of ordinary skill in the art would have been motivated to enhance authentication security by implementing multiple channels and devices of a user during authentication.
As per claims 2 and 12, Tzakikario further discloses wherein determining receipt of the return query remediates potential malicious attacks from an unvalidated DNS query (column 3, lines 2-8, if the challenge-response procedure is not successful the DNS request is discarded).
As per claims 7 and 17, Tzakikario further discloses generating the first token of a first query (column 5, line 47, generating the cookie), wherein the first query from the first source IP address has the original domain name (column 3, line 66-column 4, line 1, “DNS request queries server 22 for the IP address corresponding to the domain example.com”).
As per claims 8 and 18, Tzakikario furthermore discloses wherein the first token and the second token are each a token, and wherein the token is a random-looking string uniquely generated for each query, wherein the token is generated based on at least one of: a secret, a current time of the each query, the original domain name, and the first source IP address (column 5, lines 44-55, “The guard device typically generates the cookie by encoding one or more of the following: Source IP address of the first DNS request. IP TTL (Time-To-Live) value of the first DNS request. IP TTL should not be confused with DNS TTL. The use of IP TTL is further described below. The domain name queried by the first DNS request. A pseudo-random number generated by the guard device”).
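The challenge-response exchange attributed to Tzakikario above (token embedded in a modified domain name, recomputed and compared on the return query, then whitelisting) is illustrated by the following added example; it is not code from either patent or the application under examination. The guard secret, the `guard.example` suffix, the HMAC-based token function and the IPv4-only hex encoding of the source address are assumptions made for the example.

```python
import hashlib
import hmac
import ipaddress

# Hypothetical values constructed for this example (not from the cited patents).
SECRET = b"guard-secret-constructed-for-demo"
GUARD_SUFFIX = "guard.example"   # labels appended to the original name
TOKEN_LEN = 24                   # hex chars; stays well under the 63-char DNS label limit


def make_token(src_ip: str, original_name: str, window: int) -> str:
    """First/second token: a keyed hash over the source IP, the queried name and a
    coarse time window, so the guard need not keep per-query state to verify it."""
    msg = f"{src_ip}|{original_name.lower().rstrip('.')}|{window}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:TOKEN_LEN]


def build_challenge(src_ip: str, original_name: str, window: int) -> str:
    """Modified domain name returned in the CNAME-style response:
    <token>.<hex source IP>.<original name>.<guard suffix>."""
    ip_hex = f"{int(ipaddress.IPv4Address(src_ip)):08x}"
    return f"{make_token(src_ip, original_name, window)}.{ip_hex}.{original_name}.{GUARD_SUFFIX}"


def validate_return_query(qname: str, return_src_ip: str, window: int, whitelist: set) -> bool:
    """Validate a return query for the modified name. The first token is extracted
    from the name; the second token is recomputed from the source IP carried in the
    name, not from return_src_ip, which may be a different address (e.g. a recursive
    resolver). On success both addresses are added to the whitelist."""
    suffix = "." + GUARD_SUFFIX
    if not qname.lower().rstrip(".").endswith(suffix):
        return False
    labels = qname.rstrip(".")[:-len(suffix)].split(".")
    if len(labels) < 3:
        return False
    first_token, ip_hex, original_name = labels[0], labels[1], ".".join(labels[2:])
    try:
        first_src_ip = str(ipaddress.IPv4Address(int(ip_hex, 16)))
    except ValueError:
        return False  # malformed or out-of-range address label
    second_token = make_token(first_src_ip, original_name, window)
    # Constant-time comparison so the check does not leak token bytes via timing.
    if not hmac.compare_digest(first_token, second_token):
        return False
    whitelist.update({first_src_ip, return_src_ip})
    return True
```

A deployment would derive `window` from the current time and accept the current and previous window so a slow return query is not rejected.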
Claims 3-5 and 13-15 are rejected under 35 U.S.C. 103 as being unpatentable over Tzakikario in view of Kulkarni, further in view of Paterson et al. (US Patent No. 12,074,911), hereinafter Paterson.
As per claims 3 and 13, Tzakikario further discloses wherein the return query is valid when the first token is identical to the second token, further comprising: adding the first source IP address [and the second source IP address] of the validated return query to a whitelist (column 6, lines 36-42, “If the two cookies do match, the guard declares the source address authenticated…The guard typically stores the authenticated source address in a "whitelist" of authenticated addresses”).
Tzakikario as modified does not explicitly disclose adding the second source IP address. However, adding a second source IP address is old and well known, as illustrated by Paterson (column 5, lines 55-63, “the whitelist definition 22 may be a database or data file that indicates that IP addresses 192.168.0.1-192.168.0.4 are whitelisted access sources 102 for usage of protected user account ‘Ul.’ Additionally the whitelist definition 22 indicates that IP addresses 192.168.0.1, 192.168.0.5, and 192.168.0.6 are whitelisted access sources 104 for protected user account ‘U2.’”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the modified Tzakikario to include the well-known feature of adding a second or multiple trusted sources to a whitelist as disclosed by Paterson, in order to achieve the predictable result of allowing quick validation of authorized requests from different locations or systems, thereby improving access efficiency.
As per claims 4 and 14, Paterson furthermore discloses determining a subnet for each of the first source IP address and the second source IP address; and adding IP addresses of the subnet to the whitelist (claim 1, “identify a set of sources…obtain a subset of the set of sources as a whitelist”). The motivation is similar to the motivation provided for claim 3.
As per claims 5 and 15, Tzakikario furthermore discloses relaying a subsequent query to at least one name server without the DNS challenge, wherein the subsequent query is received from an IP address in the whitelist (column 6, lines 38-41, “The guard typically stores the authenticated source address in a ‘whitelist’ of authenticated addresses in database 35. Subsequent DNS requests originating from this source address are then allowed to reach DNS server 22”).
Claims 6 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Tzakikario in view of Kulkarni, further in view of Reddy et al. (US Publication No. 2017/0346855), hereinafter Reddy.
As per claims 6 and 16, Tzakikario furthermore discloses wherein a third query for the original domain name accesses the DNS name server via the name server address, wherein the third query and the return query are sent from a same source (column 6, lines 1-9 and 40-42, “DNS request originated from this source [client] are then allowed to reach DNS server 22”; reaching DNS server 22 is through a third query to DNS, and the third query and the return query are sent from the client).
Tzakikario does not explicitly disclose, but in an analogous art, Reddy discloses sending a name server address to the second source IP in association with the modified domain name (figure 4, claim 4, “sending the cached DNS response to the second endpoint device”; the second endpoint has a second IP address).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the modified Tzakikario with Reddy. This would have been obvious because one of ordinary skill in the art would have been motivated to deliver DNS responses to different user devices.
Claims 9 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Tzakikario in view of Kulkarni, further in view of Migault et al. (US Publication No. 2025/0126151), hereinafter Migault.
As per claims 9 and 19, Tzakikario as modified does not explicitly disclose, but in an analogous art, Migault discloses determining a DNS resolver associated with the first source IP address as a legitimate DNS resolver (paragraph [0074], determines whether the DNS resolver is the expected DNS resolver based on a comparison of the received certificate or the computed hash and the certificate or hash included in the configuration parameters).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the modified Tzakikario with Migault. This would have been obvious because one of ordinary skill in the art would have been motivated to improve end users’ privacy by allowing communication only to an authorized and trusted resolver.
References Cited, Not Used
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Kaliski et al. (US Publication No. 2018/0034827) discloses that one or more DNS services are configured to not only tolerate some commonly observed DNSSEC misconfigurations (while still providing DNSSEC's security guarantees), but also provide a more intelligent DNS resolution process informed by DNSSEC.
Vissamsetty et al. (US Publication No. 2018/0013788) discloses that MITM attacks are detected by intercepting network configuration traffic (name resolution, DHCP, ARP, ICMP, etc.) in order to obtain a description of network components. MITM attacks may be confirmed by transmitting fake credentials to a source of a response to a request for network configuration information. If the fake credentials are accepted or are subsequently used in an access attempt, then a MITM attack may be confirmed.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Ali Abyaneh, whose telephone number is (571) 272-7961. The examiner can normally be reached Monday-Friday from 8:00-5:00. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor, can be reached at (571) 270-5143. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/ALI S ABYANEH/Primary Examiner, Art Unit 2437