DETAILED ACTION
This Office action is in response to a non-provisional utility patent application filed by Applicant on 2/8/2019.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 5 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. Claim 5 recites an external BGP neighbor, which is unclear as to the nature or structure of this element. The specification provides no further information regarding a BGP neighbor, which the term seems to imply some type of protocol, but may be some type of structural entity such as a server or router associated with the network. Further, being qualified as external provides no indication as to what the element is external to. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-16, 18-19 rejected under 35 U.S.C. 103 as being unpatentable over Cisco (“Remotely Triggered Black Hole Filtering – Destination Based and Source Based”, White Paper Cisco Systems, Inc. 1992-2005.) in view of Anchor (“Arbor Peakflow SP, Pervasive Network Visibility, Security and Profitable Managed Services”, Data Sheet, Arbor Networks. 1999-2008.).
Regarding claim 1, Cisco discloses: a network protocol modification system comprising one or more computing devices implementing a network-based attack mitigation service, each of the one or more computing devices comprising at least one computer processor and memory (detecting network attack using protocol updates to manipulate route tables at key points of the network to drop undesirable traffic before it enters the network. Cisco p. 1.), wherein the network protocol modification system is configured for: detecting, based at least in part on the network traffic, a network attack on the particular target server, wherein the network attack is directed to a combination of network addresses utilized by the target server (a network monitor, such as an Arbor Network Peakflow device, is used for network anomaly detection. Cisco p. 5. Once an attack has been detected the process can be used to drop pertinent attack traffic based on the specifically identified destination of source IP addresses. Cisco p. 1.); and modifying routing of network transmissions from the one or more sources to the target server by: generating at least one network protocol modification packet based at least in part on the network attack; and transmitting the at least one network protocol modification packet to at least one router in communication with at least one of the one or more computing devices (trigger sends a routing BGP update for the edge routers to change the next hop IP address to another preconfigured static route pointing to the null interface, which will receive the traffic and have it dropped. Cisco pp. 2-3.).
While Cisco discusses the mitigation process carried out after detecting a network attack, Cisco does not specifically disclose the monitoring network traffic at a target server; identifying one or more sources of the network attack, the one or more sources having one or more source network addresses.  However, Arbor does disclose: monitoring network traffic at a target server (customized network traffic monitoring to identify DDoS attacks. Arbor p. 1.); identifying one or more sources of the network attack, the one or more sources having one or more source network addresses (multi-protocol BGP analysis and monitoring allows for detection and isolation of network anomalies. Arbor p. 2. ).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the attack mitigation system of modifying the routing protocol for redirecting malicious traffic to be dropped of Cisco with monitoring network traffic to identify one or more source IP addresses of a network attack based upon the teachings of Arbor. The motivation being to identify the source of a DDoS attack in order to be able to block it or drop its packets. Anchor p. 1.
Regarding claim 2, Cisco in view of Arbor discloses the limitations of claim 1, wherein the at least one network protocol modification packet comprises a Border Gateway Protocol (BGP) packet (routing update being a BGP update. Cisco p. 3.).  
Regarding claim 3, Cisco in view of Arbor discloses the limitations of claim 1, wherein generating the at least one network protocol modification packet comprises: changing one or more path attributes between the one or more source network addresses and the combination of network addresses utilized by the target server (the BGP update sent by the trigger changes the next hop in the delivery path for the threat traffic destined for the target address. Cisco p. 3.); and generating the BGP packet to include a BGP update message including the changed one or more path attributes for communication to the at least one router (the BGP routing update is delivered to the Provider Edge routing devices to intercept the incoming traffic and change the delivery path to the null and be dropped. Cisco p. 3.).  
Regarding claim 4, Cisco in view of Arbor discloses the limitations of claim 3, wherein changing the one or more path attributes comprises dropping the network transmissions from the one or more sources to the target server (the BGP routing update is delivered to the Provider Edge routing devices to intercept the incoming traffic and change the delivery path to the null and be dropped. Cisco p. 3.).  
Regarding claim 5, Cisco in view of Arbor discloses the limitations of claim 1, further comprising transmitting the at least one network protocol modification packet to at least one external BGP neighbor to a router associated with the target server (the BGP update is sent to all of its iBGP peers. Cisco p. 3.).  
Regarding claim 6, Cisco in view of Arbor discloses the limitations of claim 1, wherein: the at least one router in communication with the at least one of the one or more computing devices is associated with a first autonomous system (AS) associated with a first Internet Service Provider (ISP) (figure 15 depicts various points where traffic can be dropped within an ISP network. Cisco p. 16. Within this type of triggering system, the reference distinctly identifies parameters for threats from “outside the AS”, which implies that autonomous systems exist as part of (interpreted as in communication with) the disclosed ISP network. Cisco p. 16.).  
Regarding claim 7, Cisco in view of Arbor discloses the limitations of claim 6, wherein the network protocol modification system is further configured for: generating a communication channel between the at least one of the one or more computing devices and the first AS; and transmitting the at least one network protocol modification packet to the at least one router via the communication channel (a static route is added in order to facilitate the sending of the BGP update to all of the iBGP peers. Cisco p. 5.).  
Regarding claim 8, Cisco in view of Arbor discloses the limitations of claim 6, wherein the network protocol modification system is further configured for: transmitting the at least one network protocol modification packet to a plurality of routers, wherein: each of the plurality of routers is associated with a respective ISP of a plurality of ISPs; and each of the plurality of routers is in communication with one or more particular computing devices of the one or more computing devices (the configuration of the triggering system can be incorporated into networks including peering ISPs each including ISP edge routers receiving the triggered BGP update for path modification. Cisco p. 13 and 2.).  
Regarding claim 9, Cisco in view of Arbor discloses the limitations of claim 8, wherein the network protocol modification system is further configured for transmitting the at least one network protocol modification packet to the plurality of routers via a respective communication channel (a static route is added in order to facilitate the sending of the BGP update to all of the iBGP peers. Cisco p. 5.).  
Regarding claim 10, Cisco discloses: a computer-implemented network routing protocol modification method comprising: detecting, by a network protocol modification system comprising one or more processors, a network attack on one or more computing devices, the network attack being directed to a combination of network addresses utilized by the one or more computing devices (a network monitor, such as an Arbor Network Peakflow device, is used for network anomaly detection. Cisco p. 5. Once an attack has been detected the process can be used to drop pertinent attack traffic based on the specifically identified destination of source IP addresses. Cisco p. 1.); providing, by one or more processors, a networked communications link between the network protocol modification system and an Internet Service Provider (ISP) system, the ISP system comprising an autonomous system (AS) comprising at least one node (a static route is added in order to facilitate the sending of the BGP update to all of the iBGP peers. Cisco p. 5. The reference indicates that autonomous systems exist as part of the disclosed ISP network. Cisco p. 16.); and mitigating the network attack, by a network protocol modification system comprising one or more processors, by: generating a BGP packet configured to modify how data addressed to the combination of network addresses is routed (a routing BGP update for the edge routers to change the next hop IP address to another preconfigured static route pointing to the null interface is initiated, which will receive the traffic and have it dropped. Cisco pp. 2-3.), the BGP packet defining routing instructions for malicious network traffic originating from the one or more source network addresses and having a destination address of one of the combination of network addresses utilized by the one or more computing devices (based on either destination or source IP addressing, a routing BGP update for the edge routers to change the next hop IP address to another preconfigured static route pointing to the null interface is initiated, which will receive the traffic and have it dropped. Cisco pp. 1-3.); and transmitting the BGP packet to the autonomous system (AS) via the networked communications link, wherein the routing instructions comprise an instruction to drop the malicious network traffic (trigger sends a routing BGP update for the edge routers to change the next hop IP address to another preconfigured static route pointing to the null interface, which will receive the traffic and have it dropped. Cisco pp. 2-3. Figure 15 depicts various points where traffic can be dropped within an ISP network. Cisco p. 16. Within this type of triggering system, the reference distinctly identifies parameters for threats from “outside the AS”, which implies that autonomous systems exist as part of (interpreted as in communication with) the disclosed ISP network. Cisco p. 16.).  
Cisco does not disclose: identifying, by a network protocol modification system comprising one or more processors, based at least in part on the network attack, one or more source network addresses that are a source of the network attack.
However, Anchor does disclose: identifying, by a network protocol modification system comprising one or more processors, based at least in part on the network attack, one or more source network addresses that are a source of the network attack (customized network traffic monitoring to identify DDoS attacks. Arbor p. 1. Multi-protocol BGP analysis and monitoring allows for detection and isolation of network anomalies. Arbor p. 2. ).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the attack mitigation system of modifying the routing protocol for redirecting malicious traffic to be dropped of Cisco with monitoring network traffic to identify one or more source IP addresses of a network attack based upon the teachings of Arbor. The motivation being to identify the source of a DDoS attack in order to be able to block it or drop its packets. Anchor p. 1.
Regarding claim 11, Cisco in view of Arbor discloses the limitations of claim 10, wherein the network attack comprises a distributed denial of service (DDoS) attack (customized network traffic monitoring to identify DDoS attacks. Arbor p. 1.).  
Regarding claim 12, Cisco in view of Arbor discloses the limitations of claim 10, wherein mitigating the network attack comprises transmitting the BGP packet to the at least one node via the networked communications link (a static route is added in order to facilitate the sending of the BGP update to all of the iBGP peers. Cisco p. 5.).  
Regarding claim 13, Cisco in view of Arbor discloses the limitations of claim 10, wherein the instruction to drop the network traffic comprises an instruction to send the malicious network traffic to a local host (the routing BGP update for the edge routers to change the next hop IP address to another preconfigured static route pointing to the null interface, which will receive the traffic and have it dropped. Cisco pp. 2-3.  The location of the null interface can be configured as part of a local host.).  
Regarding claim 14, Cisco in view of Arbor discloses the limitations of claim 10, wherein: the ISP system is a first ISP system; the autonomous system (AS) is a first AS; the at least one node is at least one first node; the networked communications link is a first networked communications link; and the method further comprises: providing, by one or more processors, a second networked communications link between the network protocol modification system and a second Internet Service Provider (ISP) system, the second ISP system comprising a second autonomous system (AS) comprising at least one second node; and mitigating the network attack, by a network protocol modification system comprising one or more processors, by transmitting the BGP packet to the second autonomous system (AS) via the second networked communications link (triggering devices (interpreted as the recited network protocol modification system) can be any device that runs BGP and does not have to be a router – any UNIX workstation running BGPO could also be used as a triggering device. Cisco p. 5. The added static routes (interpreted as the networked communications links) are added to facilitate the distribution of the BGP update across all of its iBGP peers in order to counter the incoming malicious traffic from the detected source IP address. Cisco p. 5. The disclosed system is configurable using BGP communities including architectures designed to use autonomous systems (AS) and edge routers (PE) across one or more ISP networks to mitigate attacks. Cisco p. 5 and 16.).  
Regarding claim 15, Cisco in view of Arbor discloses the limitations of claim 10, wherein: the at least one second node comprises a first router; the second AS comprises a second router; and mitigating the network attack further comprises transmitting the BGP packet to the first router and the second router (the added static routes (interpreted as the networked communications links) are added to facilitate the distribution of the BGP update across all of its iBGP peers in order to counter the incoming malicious traffic from the detected source IP address. Cisco p. 5.).  
Regarding claim 16, Cisco discloses: a network protocol modification system comprising one or more computing devices implementing a network-based network routing protocol modification service, each of the one or more computing devices comprising at least one computer processor and memory, wherein the network protocol modification system is configured for: providing a networked communications link between the network protocol modification system and an Internet Service Provider (ISP) system, the ISP system comprising an autonomous system (AS) comprising at least one node (a static route is added in order to facilitate the sending of the BGP update to all of the iBGP peers. Cisco p. 5. The reference indicates that autonomous systems exist as part of the disclosed ISP network. Cisco p. 16.); and modifying routing of network transmissions from the one or more source network addresses to one or more destination network addresses by: generating at least one network protocol modification packet based at least in part on the unwanted network traffic, the at least one network protocol modification packet defining routing instructions for the unwanted traffic between the one or more source network addresses and the one or more destination network addresses (a routing BGP update for the edge routers to change the next hop IP address to another preconfigured static route pointing to the null interface is initiated, which will receive the traffic and have it dropped. Cisco pp. 2-3. Based on either destination or source IP addressing, a routing BGP update for the edge routers to change the next hop IP address to another preconfigured static route pointing to the null interface is initiated, which will receive the traffic and have it dropped. Cisco pp. 1-3.); and transmitting the at least one network protocol modification packet to the AS via the networked communications link for configuration of the at least one node, wherein: the routing instructions comprise an instruction to drop the unwanted traffic (trigger sends a routing BGP update for the edge routers to change the next hop IP address to another preconfigured static route pointing to the null interface, which will receive the traffic and have it dropped. Cisco pp. 2-3. Figure 15 depicts various points where traffic can be dropped within an ISP network. Cisco p. 16. Within this type of triggering system, the reference distinctly identifies parameters for threats from “outside the AS”, which implies that autonomous systems exist as part of (interpreted as in communication with) the disclosed ISP network. Cisco p. 16.).  
Cisco does not disclose: identifying one or more sources of unwanted network traffic, the one or more sources having one or more source network addresses.
However, Anchor does disclose: identifying one or more sources of unwanted network traffic, the one or more sources having one or more source network addresses (customized network traffic monitoring to identify DDoS attacks. Arbor p. 1. Multi-protocol BGP analysis and monitoring allows for detection and isolation of network anomalies. Arbor p. 2. ).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the attack mitigation system of modifying the routing protocol for redirecting malicious traffic to be dropped of Cisco with monitoring network traffic to identify one or more source IP addresses of a network attack based upon the teachings of Arbor. The motivation being to identify the source of a DDoS attack in order to be able to block it or drop its packets. Anchor p. 1.
Regarding claim 18, Cisco in view of Arbor discloses the limitations of claim 16, wherein the unwanted traffic comprises a distributed denial of service (DDos) attack (customized network traffic monitoring to identify DDoS attacks. Arbor p. 1.).  
Regarding claim 19, Cisco in view of Arbor discloses the limitations of claim 16, wherein the network protocol modification system is further configured for: providing a respective networked communications link between the network protocol modification system and each of a plurality of Internet Service Provider (ISP) systems, each of the ISP systems comprising a respective autonomous system (AS) comprising at least one respective node; and transmitting the at least one network protocol modification packet to each respective AS via the respective networked communications link for configuration of the each at least one respective node (triggering devices (interpreted as the recited network protocol modification system) can be any device that runs BGP and does not have to be a router – any UNIX workstation running BGPO could also be used as a triggering device. Cisco p. 5. The added static routes (interpreted as the networked communications links) are added to facilitate the distribution of the BGP update across all of its iBGP peers in order to counter the incoming malicious traffic from the detected source IP address. Cisco p. 5. The disclosed system is configurable using BGP communities including architectures designed to use autonomous systems (AS) and edge routers (PE) across one or more ISP networks to mitigate attacks. Cisco p. 5 and 16.).  

Claim 17 rejected under 35 U.S.C. 103 as being unpatentable over Cisco in view of Anchor in view of Rose (U.S. Pat. App. Pub. 2007/0220116 A1).
Regarding claim 17, Cisco in view of Anchor discloses the limitations of claim 16. Cisco in view of Anchor does not disclose: wherein: the one or more sources of unwanted traffic comprise one or more host servers; and the unwanted traffic comprises one or more pieces of copyrighted data.
However, Rose does disclose: wherein: the one or more sources of unwanted traffic comprise one or more host servers; and the unwanted traffic comprises one or more pieces of copyrighted data (network filtering based upon traffic associated with copyright protected resources from infringing host IP addresses. Rose para. 0015.).  
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the attack mitigation system of modifying the routing protocol for redirecting malicious traffic to be dropped of Cisco with filtering incoming network traffic based upon determination that the traffic is unwanted copyright infringing content based upon the teachings of Rose.  The motivation being to remove infringing content from search results so that users do not download infringing content. Rose para. 0014.

Claim 20 rejected under 35 U.S.C. 103 as being unpatentable over Cisco in view of Anchor in view of Rooney (U.S. Pat. App. Pub. 2006/0010389 A1).
Regarding claim 20, Cisco in view of Arbor discloses the limitations of claim 19. Cisco in view of Arbor does not disclose: wherein the one or more destination network addresses comprise one or more destination network addresses in a particular geographical area.
However, Rooney does disclose: wherein the one or more destination network addresses comprise one or more destination network addresses in a particular geographical area (analyzing DDoS traffic packets based upon specified geographical regions. Rooney para. 0020.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the attack mitigation system of modifying the routing protocol for redirecting malicious traffic to be dropped of Cisco with traffic packets being associated with a particular geographical area based upon the teachings of Rooney.  The motivation being to analyze the receipt of packets and analyzing the packets to determine the existence of a DDoS attack. Rooney para. 0020.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Williamson (U.S. Pat. 10,819,739 B2), Bronson (U.S. Pat. 10,817,592 B1), Kustarz (U.S. Pat. App. Pub. 2013/0055374 A1), Yanagihara (U.S. Pat. App. Pub. 2008/0010207 A1), and Keogh (U.S. Pat. 9,413,783 B1).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VANCE M LITTLE whose telephone number is (571) 270-0408.  The examiner can normally be reached on Monday - Friday 9:30am - 5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/VANCE M LITTLE/Examiner, Art Unit 2493