DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The following is a Final Office action in response to communications received 01/07/2021. 

Response to Amendment
Claims 2, 7, 11, 16 and 18 have been cancelled. Claim 25 has been newly added. Claims 1, 3-6, 8-10, 12-15, 17 and 19-25 have been examined. 
Claims 1, 6, 10, 12, 15, 17, 19 and 20 have been amended. 
Applicant’s arguments with respect to claim(s) 1, 10 and 17 regarding the new limitations: “obtaining, from the plurality of path computation clients, an indication that the plurality of path computation clients have determined that the fatigue states satisfy one or more conditions; and in response to obtaining the indication that the plurality of path computation clients have determined that the fatigue states satisfy the one or more conditions, instructing the plurality of path computation clients to route the particular type of network traffic so as to proactively mitigate one or more fatigue-affected segments in the network”, have been considered but are moot in view of the new grounds of rejection presented in the current office action.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 1, 3, 5, 8, 10, 12, 14, 17, 19 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over prior art of record US 7389537 to Callon et al (hereinafter Callon) and US 8295188 to Craig Elrod (hereinafter Elrod).
As per claims 1, 10 and 17, Callon teaches:
(Callon: column 19, lines 20-24: in other embodiments consistent with the principles of the invention central management system 1210 may be implemented as part of a network device. Column 8, lines 25-28: network devices such as routers A-D): 
providing, to a plurality of path computation clients, segment identifiers for a particular type of network traffic that is potentially associated with a denial of service attack (Callon: Fig. 12 and column 18, lines 12-18: central management system 1210 may forward the attack information directly to routers B and C, the routers connected to malicious users. Central management system 1210 may also analyze the attack information and develop alternative attack information that is forwarded to routers B and C. column 5, lines 41-51: The attack information includes criteria defining characteristics of packets that should be discarded because they are considered part of the attack and are therefore malicious. For example, the control packet may indicate source and destination addresses (segment identifiers) in the DOS packets. Additional information, such as User Protocol, TCP Port, etc. (segment identifiers), may also be optionally specified. The attack information may be sent in a control packet); 
obtaining, from the plurality of path computation clients, information indicating fatigue states for segments of the network, wherein the fatigue states are determined based on the particular type of network traffic having a destination address that matches an address of the destination segment (Callon: column 18, lines 24-42: Central management system 1210 may also receive information from a router, such as router D, or a firewall, such as firewall 1202, indicating an amount of data that matches the attack characteristics. For example, a router or firewall may count a number of packets and/or bytes that match the attack characteristics, such as packets having a particular source address-destination address pair, a particular protocol field value, a particular TCP SYN field value, etc. The router or firewall may then forward this information to central management system 1210); 
obtaining, from the plurality of path computation clients, an indication that the plurality of path computation clients have determined that the fatigue states satisfy one or more conditions; and 
instructing the plurality of path computation clients to route the particular type of network traffic so as to proactively mitigate one or more fatigue-affected segments in the network (Callon: column 18, lines 43-67: if the attack-related count is relatively high, central management system 1210 may provide an audible and/or visual alert to the network operator indicating that action must be taken based on the received count information. Central management system 1210 may be pre-configured to automatically provide commands based on the received attack information. In either case, the commands may also be based on historical data associated with the network and configuration data associated with the network. Central management system 1210 may then forward this attack response information to other devices, such as routers A-D and firewalls, indicating the appropriate response. The attack response information may include rate limit information associated with rate limiting one or more categories of traffic).
Callon teaches instructing the routers to rate limit one or more categories of traffic but does not teach: obtaining, from the plurality of path computation clients in the network, segment identifiers identifying a destination segment to which the particular type of network traffic is destined; in response to obtaining the segment identifiers identifying the destination segment, determining that the destination segment is a destination for the particular type of network traffic; obtaining, from the plurality of path computation clients, an indication that the plurality of path computation clients have determined that the fatigue states satisfy one or more conditions; and in response to obtaining the indication that the plurality of path computation clients have determined that the fatigue states satisfy the one or more conditions, instructing the plurality of path computation clients to route the particular type of network traffic so as to proactively mitigate one or more fatigue-affected segments in the network. However, Elrod teaches:
obtaining, from the plurality of path computation clients in the network, segment identifiers identifying a destination segment to which the particular type of network traffic is destined (Elrod: column 3, lines 26-54: In addition to copying network threats and/or VoIP traffic streams, the switch sends other useful information to the security management device, for example, using an eXtensible Markup Language (XML) application program interface (API). The useful information can include details from the switch's forwarding database (FDB) such as media access control (MAC) addresses, IP addresses, and corresponding switch port numbers of ports with which devices assigned to those addresses are reachable. The security management device is able to build communication streams with the information received from the switch to determine the exact source of a threat and/or target of attack. Building communication streams can involve identifying, analyzing, tracking, and/or extracting certain packet fields or other information from network traffic, including packets. Column 5, lines 8-20: In one embodiment, the information extracted by SMD 140 includes source and destination IP addresses from the address fields of packets); 
in response to obtaining the segment identifiers identifying the destination segment, determining that the destination segment is a destination for the particular type of network traffic (Elrod: column 3, lines 26-54: In one embodiment, the security management device may track the source IP address field and the destination IP address field of packets to determine the source and the target of the attack. In another embodiment, the security management device uses the information from the switch's FDB to determine the source and the target of the attack. A combination of FDB information and packet field information may also be used.);
obtaining, from the plurality of path computation clients, an indication that the plurality of path computation clients have determined that the fatigue states satisfy one or more conditions (Elrod: column 2, lines 64-67 and column 3, lines 1-32: Threats are detected by a switch using dynamic policy rules designed to detect artifacts and identify footprints of the threats. In one embodiment, a switch measures the ratio of incoming Address Resolution Protocol (ARP) requests to outgoing ARP responses in the network traffic. If the ratio is above a predetermined threshold, the switch, using dynamic policy rules, may determine that a threat exists. In another embodiment, the switch measures the ratio of incoming TCP SYN packets to incoming TCP ACK packets. Again, if the ratio is above a predetermined threshold, the switch may determine that a threat exists. In addition to measuring ratios of packets, ACLs may be used in a switch to measure other usage-based packet statistics including, but not limited to, cumulative counts of packets meeting a certain profile, cumulative counts of packet bytes from packets meeting a certain profile, rates, or changes in rates, at which packets are received, etc. In one embodiment, network threats and/or VoIP traffic streams are copied and sent from the switch to a security management device for further analyzing (obtaining an indication of fatigue states from the switch). In addition to copying network threats and/or VoIP traffic streams, the switch sends other useful information to the security management device. Also, column 4, lines 44-57: In one embodiment, traffic mirrored to SMD is labeled with the threat-type "suspicious" (obtaining an indication of fatigue states from the switch)); and 
in response to obtaining the indication that the plurality of path computation clients have determined that the fatigue states satisfy the one or more conditions, instructing the plurality of path computation clients to route the particular type of network traffic so as to proactively mitigate one or more fatigue-affected segments in the network (Elrod: column 4, lines 3-21: In addition to redirecting the attacker's system, the security management device dynamically builds a policy to be employed at the switch. A policy defines an action or set of actions to be carried out when a predetermined event or set of events occurs. Further embodiments include a policy that causes the switch to quarantine traffic from the attacker to an isolated VLAN (routing particular traffic to an isolated VLAN). Once a policy has been created, the security management device sends the policy to at least the switch that detected the threat, for example, using the XML API mentioned above. The switch then enforces the policy to mitigate the threat/attack. Also, column 6, lines 37-45: After the policy has been created, it is sent from SMD 140 to the switch(es)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Elrod in the invention of Callon to include the above limitations. The motivation to do so would be to detect artifacts and identify footprints of threats (Elrod: column 2, lines 64-66).
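The ratio checks cited from Elrod above (incoming ARP requests to outgoing ARP responses, incoming TCP SYN to incoming TCP ACK, each against a predetermined threshold) can be sketched as follows. This is an added illustration, not part of the Office action or of any cited reference; the threshold values, the minimum-sample floor, the counter layout and the sample data are all assumptions constructed for the example.

```python
from dataclasses import dataclass

# Assumed values: the cited text only says "a predetermined threshold".
ARP_REQ_TO_RESP_MAX = 5.0
SYN_TO_ACK_MAX = 3.0
# Assumption: a port with very little traffic is not judged at all, so that
# three stray SYNs on an idle port do not count as an attack footprint.
MIN_SAMPLES = 50


@dataclass(frozen=True)
class PortCounters:
    """Per-port packet counters for one measurement interval (constructed layout)."""
    switch: str
    port: int
    arp_req_in: int
    arp_resp_out: int
    tcp_syn_in: int
    tcp_ack_in: int


def ratio(numerator: int, denominator: int) -> float:
    """Ratio that reports an unbounded value instead of dividing by zero.

    A flood with no answering packets at all is the strongest signal,
    so it must not be lost to a ZeroDivisionError.
    """
    if denominator == 0:
        return float("inf") if numerator > 0 else 0.0
    return numerator / denominator


def evaluate(c: PortCounters) -> list[dict]:
    """Apply both ratio rules to one port and return any findings."""
    checks = (
        ("arp_request_response_ratio", c.arp_req_in, c.arp_resp_out, ARP_REQ_TO_RESP_MAX),
        ("tcp_syn_ack_ratio", c.tcp_syn_in, c.tcp_ack_in, SYN_TO_ACK_MAX),
    )
    findings = []
    for rule, num, den, limit in checks:
        if num + den < MIN_SAMPLES:
            continue  # too little traffic to draw a conclusion
        value = ratio(num, den)
        if value > limit:
            findings.append({
                "switch": c.switch,
                "port": c.port,
                "rule": rule,
                "ratio": value,
                # Label used for mirrored traffic in the cited passage.
                "threat_type": "suspicious",
            })
    return findings


def report(counters: list[PortCounters]) -> list[dict]:
    """Collect the indications a management device would receive from all ports."""
    out = []
    for c in counters:
        out.extend(evaluate(c))
    return out


# Constructed sample counters, not taken from any real network.
SAMPLE = [
    PortCounters("sw1", 1, arp_req_in=40, arp_resp_out=38, tcp_syn_in=900, tcp_ack_in=8800),
    PortCounters("sw1", 7, arp_req_in=12, arp_resp_out=10, tcp_syn_in=4200, tcp_ack_in=35),
    PortCounters("sw2", 3, arp_req_in=600, arp_resp_out=4, tcp_syn_in=3, tcp_ack_in=0),
    PortCounters("sw2", 9, arp_req_in=0, arp_resp_out=0, tcp_syn_in=500, tcp_ack_in=0),
]

if __name__ == "__main__":
    for finding in report(SAMPLE):
        print(finding)
```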

As per claims 3, 12 and 19, Callon in view of Elrod teaches:
The method of claim 1, wherein providing the segment identifiers identifying the particular type of network traffic includes providing segment identifiers indicating a destination port of the particular type of network traffic (Callon: column 5, lines 41-51: The attack information includes criteria defining characteristics of packets that should be discarded because they are considered part of the attack and are therefore malicious. For example, the control packet may indicate source and destination addresses in the DOS packets. Additional information, such as User Protocol, TCP Port, etc., may also be optionally specified).

As per claims 5 and 14, Callon in view of Elrod teaches:
The method of claim 1, wherein at least one path computation client of the plurality of path computation clients is a redistribution element, and wherein: obtaining the segment identifiers identifying the destination segment includes obtaining a segment identifier identifying the destination segment from the redistribution element that indicates that the at least one path computation client is the redistribution element (Elrod: column 3, lines 26-37: network threats and/or VoIP traffic streams are copied and sent from the switch to a security management device for further analyzing. In addition to copying network threats and/or VoIP traffic streams, the switch sends other useful information to the security management device, for example, using an eXtensible Markup Language (XML) application program interface (API). The useful information can include details from the switch's forwarding database (FDB) such as media access control (MAC) addresses, IP addresses, and corresponding switch port numbers of ports with which devices assigned to those addresses are reachable).

As per claim 8, Callon in view of Elrod teaches:
The method of claim 1, wherein: instructing the plurality of path computation clients to route the particular type of network traffic includes instructing the plurality of path computation clients to route the particular type of network traffic so as to proactively defend against the denial of service attack (Elrod: column 4, lines 3-21: In addition to redirecting the attacker's system, the security management device dynamically builds a policy to be employed at the switch. A policy defines an action or set of actions to be carried out when a predetermined event or set of events occurs. Further embodiments include a policy that causes the switch to quarantine traffic from the attacker to an isolated VLAN (routing particular traffic to an isolated VLAN). Once a policy has been created, the security management device sends the policy to at least the switch that detected the threat, for example, using the XML API mentioned above. The switch then enforces the policy to mitigate the threat/attack. Also, column 6, lines 37-45: After the policy has been created, it is sent from SMD 140 to the switch(es). Column 1, lines 50-58: Attacks including, but not limited to, Denial of Service (DoS), Distributed DoS (DDoS), viruses, worms, polymorphic viruses, blended attacks, and Day-Zero threats can be launched against a network to disrupt configuration and routing information and physical network components. Attacks can also tie up and/or consume network bandwidth, host central processing unit (CPU) time, and disk space. One example of a DoS attack is a TCP flood attack).

As per claim 21, Callon in view of Elrod teaches: 
The method of claim 5, wherein the redistribution element serves as a common network element connection point (Fig. 12: routers B, C, D).

Claims 4, 13, 20 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Callon in view of Elrod as applied to claims 1, 10 and 17 above, and further in view of prior art of record US 8646064 to Holloway et al (hereinafter Holloway).
As per claims 4, 13 and 20, Callon in view of Elrod teaches instructing the network devices to route traffic based on fatigue states but does not teach: generating a network map of the segments, the network map including the fatigue states, wherein instructing the plurality of path computation clients to route the particular type of network traffic includes instructing the plurality of path computation clients to route the particular type of network traffic based on the network map. However, Parker teaches: 
further comprising: generating a network map of the segments, the network map including the fatigue states, wherein instructing the plurality of path computation clients to route the particular type of network traffic includes instructing the plurality of path computation clients to route the particular type of network traffic based on the network map (Holloway: column 8, lines 34-53: In order to identify which domain is the target of the attack, the zones may be split into multiple zone maps, each of which may be associated with a different set of IP addresses of the proxy service node. The proxy service node may then cause the DNS records for those domains to be changed such that those domains will point to the different IP addresses according to the zone map. If the attack is domain related (e.g., directed at a specific domain as opposed to being directed at an IP address), then the attack should follow to the changed IP address. The proxy server can further determine the zone map that includes the domain that is being attacked. Holloway: Column 14, lines 10-30: The module 180 may use the zone maps 535 to isolate the domain and/or IP address that is under attack, as previously described. After identifying a potential DoS attack, the DoS identification and mitigation module 180 may take one or more mitigation actions as previously described, which may be dependent on the security rules that are set for domain(s) that are affected by the attack. Example mitigation actions include routing the traffic for the attacked domain(s) to a particular data center or hardware device that is dedicated to handling attacks (e.g., the dedicated DoS computing device 190)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Holloway in the invention of Callon in view of Elrod to include the above limitations. The motivation to do so would be to perform denial-of-service (DoS) detection and mitigation in a cloud-based proxy service (Holloway: column 2, lines 51-53).

As per claim 22, Callon in view of Elrod does not teach: wherein the redistribution element is a gateway. However, Holloway teaches: 
wherein the redistribution element is a gateway (Holloway: column 2, lines 61-67: The cloud-based proxy service illustrated in FIG. 1 includes a set of proxy server(s) 120 that are situated between the client computing devices 110A-I and the origin servers 130A-N).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Holloway in the invention of Callon in view of Elrod to include the above limitations. The motivation to do so would be to perform denial-of-service (DoS) detection and mitigation in a cloud-based proxy service (Holloway: column 2, lines 51-53).

Claims 6 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Callon in view of Elrod as applied to claims 1 and 10 above, and further in view of US 10523589 to Taohui Wang (hereinafter Wang).
As per claims 6 and 15, Callon in view of Elrod does not explicitly teach: obtaining an indication that the plurality of path computation clients have determined that fatigue levels exceed one or more fatigue thresholds. However, Wang teaches:
obtaining an indication that the plurality of path computation clients have determined that fatigue levels exceed one or more fatigue thresholds (Wang: column 7, line 61-column 8, line 5: the backbone network switching device 12 may further report a congestion degree of the backbone network switching device 12 and report an event of discarding traffic that is over the guaranteed bandwidth and a congestion degree to the policy center. Also, column 12, lines 31-52).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Wang in the invention of Callon in view of Elrod to include the above limitations. The motivation to do so would be so that the policy center determines, according to the event, a user whose bandwidth needs to be reduced, and delivers an adjustment policy of reducing the bandwidth of the user to the network device (Wang: column 8, lines 1-5).

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Callon in view of Elrod as applied to claim 1 above, and further in view of prior art of record US 20060272018 to Stefan A. Fouant (hereinafter Fouant).
As per claim 9, Callon in view of Elrod does not explicitly teach: wherein the destination segment is outside the network. However, Fouant teaches:
wherein the destination segment is outside the network (Fouant: [0023]: A communication system 100 includes a transport network 101 operated by a service provider. The network 101 serves customer networks 103, 105, 107 via Provider Edge (PE) devices 109, 111, 113, respectively. The system 100 permits outbound flows (that are flowing towards a customer) to be sampled and sent to the collector device 705, where analysis can be performed and alerts can be sent in the event the customer is the victim of a DDoS attack. As seen in fig. 1, the customer networks (destinations) are outside the service provider network).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Fouant in the invention of Callon in view of Elrod to include the above limitation. The motivation to do so would be to provide an approach for detecting Denial of Service (DoS) attacks (Fouant: [0007]).

Claims 23 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Callon in view of Elrod as applied to claim 5 above, and further in view of US 20170237767 to George et al (hereinafter George).
As per claim 23, Callon in view of Elrod does not teach: wherein the redistribution element is located between two domains. However, George teaches:
wherein the redistribution element is located between two domains (George: [0107] Referring back to step 302 of FIG. 3, in one embodiment of the present disclosure, the off-network source is connected to the network via an ingress node. [0108]: As used herein, "ingress node" refers generally and without limitation to a network node that receives traffic from one or more off-network sources (e.g., the Internet or other external unmanaged or managed networks) for distribution via the MSO's backbone network, i.e., the ingress node is located between two domains. Also, [0109]-[0110]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of George in the invention of Callon in view of Elrod to include the above limitations. The motivation to do so would be to provide methods and apparatus for mitigating network attacks (George: [0016]).

As per claim 24, Callon in view of Elrod and George teaches: 
The method of claim 23, wherein the redistribution element is a protocol converter (George: [0109] In one variant, the ingress node is configured to encapsulate a first protocol received from the off-network, for delivery on the network via a second protocol. [0110] In other variants, the ingress node is configured to perform protocol translation of the first protocol to a second protocol).
The examiner provides the same rationale to combine prior arts Callon in view of Elrod and George as in claim 23 above. 

Claim 25 is rejected under 35 U.S.C. 103 as being unpatentable over Callon in view of Elrod and Wang as applied to claim 6 above, and further in view of US 20170339062 to Mayer-Wolf et al (hereinafter Mayer-Wolf).
As per claim 25, Callon in view of Elrod and Wang does not teach: wherein the one or more fatigue thresholds include one or more dynamically learned fatigue thresholds. However, Mayer-Wolf teaches:
wherein the one or more fatigue thresholds include one or more dynamically learned fatigue thresholds (Mayer-Wolf: [0016] The congestion avoidance system 116 includes a congestion avoidance trigger engine 118 and a dynamic threshold determination engine 120. The dynamic threshold determination engine 120 is configured to dynamically determine a plurality of thresholds 121, on packet-to-packet basis, for each packet received by the congestion avoidance system 116, and to provide the dynamically determined thresholds 121 to the congestion avoidance trigger engine 118, in an embodiment. The congestion avoidance trigger engine 118 is configured to determine, using the dynamically determined thresholds 121 provided by the dynamic threshold determination engine 120, whether or not to trigger various traffic management operations for the packet).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Mayer-Wolf in the invention of Callon in view of Elrod and Wang to include the above limitations. The motivation to do so would be to determine whether or not to trigger various traffic management operations for the packet (Mayer-Wolf: [0016]).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MADHURI R HERZOG whose telephone number is (571)270-3359. The examiner can normally be reached on 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


MADHURI R. HERZOG
Primary Examiner
Art Unit 2438