DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
1. Claims 1-20 are presented for examination.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
2. Claim(s) 1-20 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Eland et al, (hereafter, “Eland”), US 2022/0006774 A1.
Regarding claim 1, Eland teaches a method, comprising:
receiving, by a signing service of a computing system and from a domain name system (DNS) resolver, a first request for a resource record (RR) (i.e., the user enters the desired domain…during the DNS resolution process, a request for a given domain name is routed from a resolver to appropriate server, page 1 paragraph [0003]);
transmitting, by the signing service of the computing system and to a backend unit of the computing system, a domain name system (DNS) query for information associated with a subdomain (i.e., a request for a given domain name is routed from a resolver to appropriate server, page 1 paragraph [0003]);
receiving, by the signing service of the computing system and from the backend unit of the computing system, a first domain name system (DNS) response comprising the information associated with the subdomain (i.e., an appropriate response to the received DNS request, page 3 paragraph [0023]);
determining, by the signing service of the computing system, whether the information associated with the subdomain comprises a flagged nameserver record (i.e., the signing identifier 110 can be defined as presence of a DNSSEC record flag, page 12 paragraph [0079] and pages 5-6 paragraphs [0035]-[0037]);
generating, by the signing service of the computing system, a second domain name system (DNS) response, content of the second domain name system (DNS) response based at least in part on whether the information associated with the subdomain comprises the flagged nameserver record (i.e., the signing identifier 110 can be defined as presence of a DNSSEC record flag…used to generate the set of DNS records, page 11 paragraph [0079]); and
transmitting, by the signing service of the computing system, the content of the second domain name system (DNS) response to the domain name system (DNS) resolver (i.e., provide the answer for a DNS query request from the network user upon receiving a DNS lookup request from the network user, page 9 paragraph [0059]).
Regarding claim 2, Eland teaches the method of claim 1, wherein the signing service of the computing system determines that the information associated with the subdomain comprises the flagged nameserver record, and wherein the method further comprises: identifying a key value from the flagged nameserver record (i.e., configuration parameters for a set of signing keys as well as designating which of the record types 26c are to be signed or unsigned, Fig. 3 and page 5 paragraphs [0035]-[0036]), the key value associated with signing material for the computing system (i.e., store key material used to sign the zone records, page 8 paragraph [0054]); transmitting a second request to a signing material database for the signing material for the computing system, wherein the second request comprises the key value; receiving the signing material from the signing material database (i.e., page 8 paragraph [0054]); generating a cryptographic signature using the signing material (i.e., page 8 paragraph [0054]); and storing the cryptographic signature in a resource record signature (RRSIG) file, wherein the content comprises the resource record signature (RRSIG) file (i.e., RRSIG record, page 9 paragraph [0060]).
Regarding claim 3, Eland teaches the method of claim 2, wherein key value comprises a hash value based at least in part on a domain identifier (i.e., the name covered by hash value, page 10 paragraph [0068]).
Regarding claim 4, Eland teaches the method of claim 1, wherein the signing service of the computing system determines that the information associated with the subdomain comprises the flagged nameserver record, and wherein the method further comprises: determining that the information associated with the subdomain comprises a resource record (RR) associated with the subdomain (i.e., the signing identifier 110 can be defined as presence of DNSSEC record flag used to generate the set of DNS records, page 11 paragraph [0079]); and filtering the flagged nameserver record from being included in the second domain name system (DNS) response, wherein the content comprises the resource record (RR) associated with the subdomain (i.e., for a considered unsigned domain name…can contain only unsigned records, page 6 paragraph [0037]).
Regarding claim 5, Eland teaches the method of claim 1, wherein the signing service of the computing system determines that the information associated with the subdomain comprises the flagged nameserver record, and wherein the content comprises the resource record (RR) associated with the subdomain and the flagged nameserver record (i.e., the signing identifier 110 can be defined as presence of DNSSEC record flag used to generate the set of DNS records, page 11 paragraph [0079]).
Regarding claim 6, Eland teaches the method of claim 1, wherein the signing service of the computing system determines that the information associated with the subdomain does not comprise the flagged nameserver record (i.e., recognized that the individual RR sets can contain only unsigned records, Fig. 2 and page 6 paragraph [0037]), and wherein the method further comprises: determining that the information associated with the subdomain comprises a resource record (RR) associated with the subdomain, wherein the content comprises the resource record (RR) associated with the subdomain (i.e., record for each pertinent subdomain for a particular zone, page 6 paragraph [0037]).
Regarding claim 7, Eland teaches the method of claim 1, wherein determining whether the information associated with the subdomain comprises a flagged nameserver record comprises: identifying a nameserver record from the information associated with the subdomain (i.e., signing identifier is an indication of record signed or record unsigned for each pertinent domain/subdomain, page 6 paragraph [0037]); and determining whether the nameserver comprises a suffix associated with a flag indicative of flagged NS record (i.e., defined as a presence of a DNSSEC record flag/indicator…to generate the set of DNS records, page 11 paragraph [0079]).
Regarding claims 8-14, those claims recite a computing system for performing method claims 1-7, discussed above, same rationale of rejections is applied.
Regarding claims 15-20, those claims recite one or more non-transitory computer-readable media having stored thereon a sequence of instructions that, when executed by one or more processors of a computing system, cause the one or more processors to perform method claims 1-7, discussed above, same rationale of rejections is applied.
Conclusion
3. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Kumar, US 2024/0323685 A1, discloses a system and method in which all DNS operations are performed over secure DNS (DNS over TLS or DNS over HTTPS) to prevent DNS data tampering by man-in-the-middle (MITM) attacks, wherein, for protection against DNS data falsification or DNS cache poisoning attacks, the DNS answer resource records (i.e., responses) from the configured DNS servers to the KDS requests may be digitally signed as per the Domain Name System Security Extensions (DNSSEC) specification; therefore, device validation may be performed by the KDS using authenticated DNS records (i.e., paragraph [0208]).
Joffe et al., US 2024/0214346 A1, discloses systems and methods for providing proxy mechanisms for DNS services, such as resolving DNS requests (i.e., abstract).
Liu et al., US 2023/0130115 A1, discloses a system that determines whether the record is dangling contemporaneous with DNS traffic; in response to receiving a DNS query, the system determines a record corresponding to the DNS query (e.g., a domain, a subdomain, an IP address, etc.), and the system determines whether the record is dangling contemporaneous with servicing the DNS query (i.e., page 2 paragraph [0015]).
Joffe et al., US 2023/0102361 A1, discloses systems and methods for providing proxy mechanisms for DNS services, such as resolving DNS requests (i.e., abstract).
Daviss, US 2023/0062068 A1, discloses techniques for performing domain name system (DNS) support on public resolvers (i.e., abstract).
Woodworth et al., US 2022/0094661 A1, discloses that a recursive DNS resolver can use the private key to sign answers to received requests (i.e., page 4 paragraph [0047]).
McPherson, US 12,463,956 B2, discloses that a DNS package may comprise a validator configured to validate a response received by the RNS based on a Domain Name System Security Extensions (“DNSSEC”) certificate (i.e., col. 7 lines 41-44).
Kumar, US 11,936,772 B1, discloses a system and method in which all DNS operations are performed over secure DNS (DNS over TLS or DNS over HTTPS) to prevent DNS data tampering by man-in-the-middle (MITM) attacks, wherein, for protection against DNS data falsification or DNS cache poisoning attacks, the DNS answer resource records (i.e., responses) from the configured DNS servers to the KDS requests may be digitally signed as per the Domain Name System Security Extensions (DNSSEC) specification; therefore, device validation may be performed by the KDS using authenticated DNS records (i.e., col. 33 lines 22-31).
4. Any inquiry concerning this communication or earlier communications from the examiner should be directed to OANH DUONG whose telephone number is (571)272-3983. The examiner can normally be reached Maxi flex Mon-Fri 6:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Tonia Dollinger can be reached at (571) 272-4170. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/OANH DUONG/Primary Examiner, Art Unit 2441