DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-10 as submitted on 10/3/24 were examined.
Information Disclosure Statement
The IDS submitted on 10/3/24 was considered.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claim(s) 1, 9, and 10 is/are rejected under 35 U.S.C. 102(a)(1) and (a)(2) as being anticipated by Lin (US 2017/0279823).
Claims 1, 9, and 10:
As per claim 1, Lin discloses an image processing apparatus capable of performing Domain Name System (DNS) name resolution using encrypted communication (paragraphs 16, 18, 22 and 109; a proxy server that performs DNS name resolution and fetches webpages based on a user’s encrypted webpage requests), the image processing apparatus comprising:
a relay unit configured to relay the encrypted communication between an external system and the image processing apparatus (paragraphs 15-16 and 111; the proxy server performs encrypted communication with a user’s computer and a web/target server, where, based on encrypted requests from the user for webpages, the proxy server decrypts the requests, fetches the webpages based on the request, and returns the requested webpages to the user’s computer in encrypted format);
a detection unit configured to detect a failure in the name resolution by monitoring contents of communication data based on a decryption of the encrypted communication by the relay unit (paragraphs 11, 16-17 and 22; if the name resolution results in an illegal IP address or another attack rule gets triggered, it is considered an error/failure and the domain name resolution information is dropped); and
a control unit configured to perform control associated with security measures based on detection of the failure in the name resolution (paragraphs 17 and 116-117; domain name resolution being dropped is considered control associated with security measures).
The rejection of claim 1 applies, mutatis mutandis, to claims 9 and 10.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 2-4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lin (US 2017/0279823) in view of Torres et al (US 2018/0191672).
Claim 2:
Lin further discloses wherein, in a case where a triggered attack rule is detected, the control unit restricts execution of the name resolution as the control associated with the security measures (paragraphs 10-11, 17, and 21; Domain name resolution information is dropped in response to an attack rule being triggered).
Lin does not disclose, but Torres discloses the triggered attack rule detected is a predetermined number or more of failures in the name resolution (paragraph 49). Before the effective filing date of applicant's claimed invention, it would have been obvious to one of ordinary skill in the art to modify Lin’s invention using Torres’s teachings discussed. The rationale for why it would be obvious is that doing so is nothing more than simple substitution of one known element (i.e. monitored attack rule) for another (i.e. different attack rule based on Torres’s teachings) to achieve predictable results, see KSR Int'l Co. v. Teleflex, Inc., 550 U.S. 398 (2007).
Claim 3:
Torres further discloses wherein the restriction of the execution of the name resolution includes not performing the name resolution using communication that does not satisfy a predetermined condition (paragraph 49; Returning a name failure does not satisfy successful name resolution/lookup).
Claim 4:
Lin further discloses wherein communication that satisfies the predetermined condition includes at least one of DNS communication including a preliminarily registered Fully Qualified Domain Name (FQDN) (paragraphs 119 and 123; m.baidu.com is an FQDN and, until it was hijacked by the 360 website, was a preliminarily registered FQDN), DNS communication including a FQDN for which the name resolution has previously succeeded (paragraphs 119 and 123), DNS communication including a domain of the image processing apparatus (paragraphs 16-17; the user’s computer contacts the proxy server first when requesting a webpage, which means DNS communication includes the domain of the proxy server), or DNS communication including a domain permitted in cross-origin resource sharing (CORS).
Claim(s) 5-6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lin (US 2017/0279823) in view of Torres et al (US 2018/0191672) in further view of Selvaraj et al (US 2019/0188385).
Claim 5:
Lin further discloses wherein, in a case where a situation in which a triggered attack rule is detected occurs (paragraphs 10-11, 17, and 21; domain name resolution information is dropped in response to an attack rule being triggered), the control unit performs mitigation steps (paragraph 17; domain name resolution information dropped).
Lin does not disclose, but Torres discloses the triggered attack rule detected is a predetermined number or more of failures in the name resolution occurs a predetermined number of times (paragraph 49). Before the effective filing date of applicant's claimed invention, it would have been obvious to one of ordinary skill in the art to modify Lin’s invention using Torres’s teachings discussed. The rationale for why it would be obvious is that doing so is nothing more than simple substitution of one known element (i.e. monitored attack rule) for another (i.e. different attack rule based on Torres’s teachings) to achieve predictable results, see KSR Int'l Co. v. Teleflex, Inc., 550 U.S. 398 (2007).
Lin also does not disclose, but Selvaraj discloses, that the mitigation steps are processing of restoring a program to be used for an operation of the image processing apparatus as the control associated with the security measures (paragraphs 5, 16-17, 20, and 60-61).
Before the effective filing date of applicant's claimed invention, it would have been obvious to one of ordinary skill in the art to further modify Lin’s invention using Selvaraj’s teachings discussed so that instead of merely dropping name resolution information, backup restoration as taught by Selvaraj was also implemented. The rationale for why it would be obvious to use another or additional mitigation teaching within Lin’s modified invention is that doing so is nothing more than combining prior art elements according to known methods to yield predictable results, see KSR Int'l Co. v. Teleflex, Inc., 550 U.S. 398 (2007). In this case, the result is mitigation efforts which do both name resolution information dropping and restore from backup, which should hopefully fix whatever caused the attack rules to be triggered by removing the source.
Claim 6:
Selvaraj further discloses wherein the control associated with the security measures includes notification about suspected malware infection (paragraphs 16-17, 44, and 60-61).
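As an added illustration of the mechanism mapped across claims 1-6 (this is example code written for this page, not code from the Office action or from Lin, Torres or Selvaraj), the following Python sketch models a detection unit and control unit sitting behind a decrypting relay: each decrypted DNS response is judged by its RCODE, failures are counted per client, resolution is restricted once a predetermined number of failures is reached, a suspected-malware notification is logged, and the claim-4 categories (preliminarily registered FQDNs, FQDNs that previously succeeded, the apparatus's own domain, CORS-permitted domains) remain resolvable. The threshold, client addresses, domain names and the DnsGuard/Policy names are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# DNS RCODE values from RFC 1035; anything other than NOERROR is treated
# as a name-resolution failure by the detection unit below.
NOERROR, SERVFAIL, NXDOMAIN = 0, 2, 3


@dataclass
class Policy:
    # Threshold and allow-lists are constructed sample values (assumptions).
    max_failures: int = 3
    own_domain: str = "mfp.example.internal"            # domain of the apparatus
    registered_fqdns: set = field(default_factory=set)  # preliminarily registered
    cors_domains: set = field(default_factory=set)      # permitted in CORS


class DnsGuard:
    """Detection unit plus control unit, fed by a decrypting relay."""

    def __init__(self, policy: Policy):
        self.policy = policy
        self.failures = defaultdict(int)  # per-client failure counter
        self.succeeded = set()            # FQDNs that resolved before
        self.restricted = set()           # clients currently under restriction
        self.actions = []                 # log of security measures taken

    def is_trusted(self, fqdn: str) -> bool:
        """Claim-4 style exemptions that stay resolvable under restriction."""
        p = self.policy
        return (fqdn in p.registered_fqdns
                or fqdn in self.succeeded
                or fqdn == p.own_domain or fqdn.endswith("." + p.own_domain)
                or fqdn in p.cors_domains)

    def allow_query(self, client: str, fqdn: str) -> bool:
        """Control unit: may this resolution be relayed at all?"""
        return client not in self.restricted or self.is_trusted(fqdn)

    def observe_response(self, client: str, fqdn: str, rcode: int) -> str:
        """Detection unit: called with the RCODE of a decrypted response."""
        if rcode == NOERROR:
            self.succeeded.add(fqdn)
            return "ok"
        self.failures[client] += 1
        if (self.failures[client] >= self.policy.max_failures
                and client not in self.restricted):
            self.restricted.add(client)
            self.actions.append(("restrict", client))
            self.actions.append(("notify", client,
                                 "suspected malware: repeated name-resolution failures"))
        return "failure"


def run_demo() -> DnsGuard:
    """Constructed traffic: one client resolving a burst of non-existent names."""
    guard = DnsGuard(Policy(registered_fqdns={"update.vendor.example"},
                            cors_domains={"api.partner.example"}))
    guard.observe_response("10.0.0.7", "www.example.com", NOERROR)
    for name in ("a1.bad.example", "a2.bad.example", "a3.bad.example"):
        guard.observe_response("10.0.0.7", name, NXDOMAIN)
    return guard


if __name__ == "__main__":
    g = run_demo()
    print("restricted clients:", sorted(g.restricted))
    print("actions:", g.actions)
    print("untrusted name allowed for 10.0.0.7:", g.allow_query("10.0.0.7", "a4.bad.example"))
    print("own domain allowed for 10.0.0.7:", g.allow_query("10.0.0.7", "print.mfp.example.internal"))
```

Restriction is keyed per client so that one misbehaving host does not cut off name resolution for the whole apparatus, and the exemptions are checked only once a client is restricted, so normal operation is unaffected until the threshold is crossed.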
Claim(s) 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lin (US 2017/0279823) in view of Sichevoy et al (US 2020/0213266).
Claim 7:
Lin further discloses wherein the DNS name resolution using the encrypted communication includes DNS name resolution (paragraph 16), and
wherein, in a case where contents of the communication data indicate communication error, the detection unit detects whether the name resolution using the communication associated with the communication data has failed (paragraphs 11, 16-17 and 22; If the name resolution results in an illegal IP address or another attack rule gets triggered, it is considered/determined that an error/failure has occurred and the domain name resolution information is dropped).
Lin does not disclose, but Sichevoy discloses the DNS name resolution is using Domain Name System over Transport Layer Security (DoT), wherein the communication data indicate Transport Layer Security (TLS) communication and indicate communication with a specific port number (paragraphs 32 and 54-55).
Before the effective filing date of applicant's claimed invention, it would have been obvious to one of ordinary skill in the art to modify Lin’s invention using Sichevoy’s teachings discussed. Lin does not place any limits on the particular encryption algorithms used in his invention, thus it would be obvious to one of ordinary skill in the art to incorporate Sichevoy’s teachings of DoT in the manner discussed for encryption. The rationale for why it would be obvious is that doing so is nothing more than simple substitution of one known element (i.e. encryption algorithm) for another (i.e. encryption by using DoT) to yield predictable results, see KSR Int'l Co. v. Teleflex, Inc., 550 U.S. 398 (2007).
Claim(s) 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lin (US 2017/0279823) in view of Sichevoy et al (US 2020/0213266) in further view of Zhu et al (CN 113438332).
Note that citations to Zhu will be made to the English translation of the document provided with this Office action.
Claim 8:
Lin further discloses wherein the DNS name resolution using the encrypted communication includes DNS name resolution (paragraph 16), and
wherein, in a case where contents of the communication data indicate a response to the communication, the detection unit detects whether the name resolution using the communication associated with the communication data has failed (paragraphs 11, 16-17 and 22; If the name resolution results in an illegal IP address or another attack rule gets triggered, it is considered/determined that an error/failure has occurred and the domain name resolution information is dropped).
Lin does not disclose, but Sichevoy discloses the DNS name resolution is using Domain Name System over Hypertext Transfer Protocol over Transport Layer Security (DoH) (paragraphs 23 and 29).
Before the effective filing date of applicant's claimed invention, it would have been obvious to one of ordinary skill in the art to modify Lin’s invention using Sichevoy’s teachings discussed. Lin does not place any limits on the particular encryption algorithms used in his invention, thus it would be obvious to one of ordinary skill in the art to incorporate Sichevoy’s teachings of DoH in the manner discussed for encryption. The rationale for why it would be obvious is that doing so is nothing more than simple substitution of one known element (i.e. encryption algorithm) for another (i.e. encryption by using DoH) to yield predictable results, see KSR Int'l Co. v. Teleflex, Inc., 550 U.S. 398 (2007).
Lin and Sichevoy also do not explicitly disclose, but Zhu discloses the communication data indicate Hypertext Transfer Protocol over Transport Layer Security (HTTPS) communication and include application/dns-message as a content type that is interpretable as a response to the communication (p6, last paragraph: “… for the above three parameters, combining multiple (domain name number * path number * port number) DoH request; the request message head is https: // server: port/path; the content-type and the accept field are set as " application/dns-message "; The DoH protocol specification document RFC8484 requires all the DoH servers to support the return type of the "application/dns-message", and the request content is a complete DNS data packet; The DNS data packet can be constructed optionally in advance in accordance with the DNS message specification. IP address of a certain DoH flow, the IP address generally will reversely analyze a plurality of domain names, then combined with the common service port, service path, generally will generate about 100 DoH request. In order to reduce the time required for verification, multi-thread mode can be used, and multiple DoH requests are sent at the same time…”).
Before the effective filing date of applicant's claimed invention, it would have been obvious one of ordinary skill in the art to modify Lin and Sichevoy’s combination invention using Zhu’s teachings discussed. One of ordinary skill in the art would have been motivated to do so because it would be using DoH in compliance with the DoH protocol specification document (Zhu: p6, last paragraph, as quoted above).
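As an added illustration of the claim 7 and claim 8 mappings (example code written for this page, not code from the Office action or from Lin, Sichevoy or Zhu), the following Python sketch shows how a relay that holds the decrypted view of a connection can recognise DoT communication (TLS on a specific port) and DoH communication (HTTPS carrying the application/dns-message content type named by RFC 8484), and then read the RCODE of the enclosed DNS message to decide whether the name resolution failed. The Office action does not state the DoT port number; the value 853 used below is the RFC 7858 port and is an assumption of this example, as are the record layout, the function names and the constructed sample messages. The DoT branch also strips the two-byte length prefix that RFC 7858 places before each DNS message over TCP, and a query (rather than a response) yields no failure verdict.

```python
import struct

# The content type is named on the page (RFC 8484); the DoT port is not,
# so 853 (RFC 7858) is an assumption of this example.
DOH_CONTENT_TYPE = "application/dns-message"
DOT_PORT = 853


def dns_header(message: bytes):
    """Parse the RFC 1035 header: returns (is_response, rcode)."""
    if len(message) < 12:
        raise ValueError("truncated DNS header")
    _id, flags = struct.unpack("!HH", message[:4])
    return bool(flags >> 15 & 1), flags & 0xF


def build_response(rcode: int, qname: bytes = b"example.com") -> bytes:
    """Constructed sample: a response (QR=1) with the given RCODE and one question."""
    flags = 0x8000 | (rcode & 0xF)
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(label)]) + label for label in qname.split(b"."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN


def classify(record: dict):
    """From the relay's decrypted view, label a record DoT, DoH or other.
    Assumed record shape: transport, port, headers, payload."""
    if record["transport"] == "tls" and record["port"] == DOT_PORT:
        # RFC 7858 frames each DNS message with a 2-byte length prefix.
        payload = record["payload"]
        if len(payload) < 2:
            return "DoT", None
        (length,) = struct.unpack("!H", payload[:2])
        return "DoT", payload[2:2 + length]
    if (record["transport"] == "https"
            and record["headers"].get("content-type", "").lower() == DOH_CONTENT_TYPE):
        return "DoH", record["payload"]
    return "other", None


def detect_failure(record: dict):
    """Detection unit: (kind, failed); failed is None when there is no response to judge."""
    kind, message = classify(record)
    if not message:
        return kind, None
    is_response, rcode = dns_header(message)
    if not is_response:
        return kind, None            # a query, not a response: nothing to judge yet
    return kind, rcode != 0          # any non-NOERROR RCODE counts as a failure


def sample_records():
    """Constructed sample communications as the relay would see them after decryption."""
    nx = build_response(3)   # NXDOMAIN
    ok = build_response(0)   # NOERROR
    return {
        "dot_nx": {"transport": "tls", "port": DOT_PORT, "headers": {},
                   "payload": struct.pack("!H", len(nx)) + nx},
        "doh_ok": {"transport": "https", "port": 443,
                   "headers": {"content-type": DOH_CONTENT_TYPE}, "payload": ok},
        "doh_query": {"transport": "https", "port": 443,
                      "headers": {"content-type": DOH_CONTENT_TYPE},
                      "payload": struct.pack("!HHHHHH", 1, 0x0100, 1, 0, 0, 0)},
        "web": {"transport": "https", "port": 443,
                "headers": {"content-type": "text/html"}, "payload": b"<html>"},
    }


if __name__ == "__main__":
    for name, record in sample_records().items():
        print(name, "->", detect_failure(record))
```

Matching on the content type rather than on the port alone is what separates DoH from ordinary HTTPS on port 443, which is why the claim 8 mapping leans on the application/dns-message header; for DoT the port is the distinguishing signal, since the TLS handshake itself looks like any other.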
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PONNOREAY PICH whose telephone number is (571)272-7962. The examiner can normally be reached M-F 9am-5pm EST, 10am-6pm during Daylight Savings Time.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached at 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/PONNOREAY PICH/Primary Examiner, Art Unit 2495