DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
In the event the determination of the status of the application as subject to AIA  35U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, anycorrection of the statutory basis for the rejection will not be considered a new ground ofrejection if the prior art relied upon, and the rationale supporting the rejection, would bethe same under either status. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim 1-6, 8-12 and 14-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Carter et al. (US 20070168823 A1) in view of Jalan et al. (US 2014/0325588 A1).

Carter et al. disclose a method and apparatus for preventing network outages with the following features: regarding claim 1, a non-transitory machine-readable storage medium comprising instructions that upon execution cause a device to: initiate an acknowledgement storm detection process in response to failover of a network connection from a first input/output (1/O) module to a second 1/O module, wherein the acknowledgement storm detection process comprises: determining whether esynchronization between a received packet and a sent packet satisfies a criterion, and in response to determining that the desynchronization between the received packet and the sent packet satisfies the criterion, initiate an action to recover from the desynchronization (Fig. 4, a diagram illustrating components used to handle situations in which acknowledgement loops occur in accordance with an illustrative embodiment of the present invention, see teachings in [0009-0014, 0040-0052 &0056] summarized as “a non-transitory machine-readable storage medium comprising instructions that upon execution cause a device to: initiate an acknowledgement storm detection process in response to failover of a network connection from a first input/output (1/O) module to a second 1/O module (i.e. a computer implemented method, apparatus, and computer usable program code to determine whether an acknowledgement storm has taken place, which is caused when both ends of the TCP connection may send acknowledgement packets back and forth over and over under desynchronization state, wherein the acknowledgement storm detection process comprises: determining whether desynchronization between a received packet and a sent packet satisfies a criterion (i.e. detection of acknowledgement storm involving a desynchronized state may occur if a malicious user at end point 402 changes the sequence number such that the acknowledgement packet sent by end point 402 is for data not yet sent by end point 400 and additionally, a desynchronized state also may occur if middle box 410 pads or adds bytes to the data being sent to end point 404 and as a result, the acknowledgement packet sent by end point 404 may contain a sequence number for data not yet sent by end point 400, a counter is incremented if the sequence number in the acknowledgement packet is for data that has not yet been transmitted, once the counter reaches a threshold, it is determined that the desynchronized has occurred), and in response to determining that the desynchronization between the received packet and the sent packet satisfies the criterion, initiate an action to recover from the desynchronization (i.e. after determining a desynchronization between two end points 402 and 404 has occurred and the acknowledgement loop may be repeated up to 3 times an action is initiated by sending a reset, RST, command to the other endpoints 402 and 404)”).
Carter et al. also disclose the following features: regarding claim 2, wherein the desynchronization between the received packet and the sent packet satisfies the 
Carter et al. is short of expressly teaching “initiate an acknowledgement storm detection process in response to failover of a network connection from a first input/output (1/O) module to a second 1/O module”.
Jalan et al. disclose a method and system to facilitate network access control and prevent malicious attacks with the following features: regarding claim 1, initiate an acknowledgement storm detection process in response to failover of a network connection from a first input/output (1/O) module to a second 1/O module (Fig. 1, a network arrangement that provides network access control in accordance with the present disclosure, see teachings in [0023, 0026, 0034-0038, 0058 & 0062] summarized as “initiate an acknowledgement storm detection process in response to failover of a network connection from a first input/output (1/O) module to a second 1/O module (i.e. network topology 100 may include a number of host servers 105A-N, a 
It would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Carter et al. by using the features as taught by Jalan et al. in order to provide a more effective and efficient system that is capable of initiating an acknowledgement storm detection process in response to failover of a network connection from a first input/output (1/O) module to a second 1/O module. The motivation of using these functions is that it is more cost effective and dynamic.

Regarding claim 12:
Carter et al. disclose a method and apparatus for preventing network outages with the following features: regarding claim 12, a first input/output (1/O) module comprising: a network stack to communicate packets over a network; a hardware processor; and a non-transitory storage medium storing instructions executable on the hardware processor to: recreate a network connection at the first 1/O module based on a state of the network connection at a second 1/O module that has experienced a fault; determine whether desynchronization between a received packet and a sent packet communicated in the network connection satisfies a criterion indicative of an acknowledgment storm; and in response to determining that the desynchronization between the received packet and the sent packet satisfies the criterion, initiate an action to recover from the desynchronization (Fig. 4, a diagram illustrating components used to handle situations in which acknowledgement loops occur in accordance with an illustrative embodiment of the present invention, see teachings in [0009-0014, 0040-a first input/output (1/O) module comprising: a network stack to communicate packets over a network (i.e. first endpoint 402 (I/O module) comprising network stake includinf TCP transport layer (fig. 3) to communicate packets over network), a hardware processor; and a non-transitory storage medium storing instructions executable on the hardware processor to: recreate a network connection at the first 1/O module based on a state of the network connection at a second 1/O module that has experienced a fault (i.e. a computer implemented method, apparatus, and computer usable program code to determine whether an acknowledgement storm has taken place, which is caused when both ends of the TCP connection may send acknowledgement packets back and forth over and over under desynchronization state, and as a result the network is flooded with acknowledgement packets and loop of acknowledgement packets being sent back and fourth between end points 402 and 404 and causing acknowledgement storm and as a result a afailure or crash in the end points may take place, and a rest commanad is sent by the endpoint 402 to second endpoint 404), determine whether desynchronization between a received packet and a sent packet communicated in the network connection satisfies a criterion indicative of an acknowledgment storm (i.e. detection of acknowledgement storm involving a desynchronized state may occur if a malicious user at end point 402 changes the sequence number such that the acknowledgement packet sent by end point 402 is for data not yet sent by end point 400 and additionally, a desynchronized state also may occur if middle box 410 pads or adds bytes to the data being sent to end point 404 and as a result, the acknowledgement packet sent by end point 404 may contain a sequence number for data not yet sent by end point 400, a counter is incremented if the and in response to determining that the desynchronization between the received packet and the sent packet satisfies the criterion, initiate an action to recover from the desynchronization (i.e. after determining a desynchronization between two end points 402 and 404 has occurred and the acknowledgement loop may be repeated up to 3 times an action is initiated by sending a reset, RST, command to the other endpoints 402 and 404)”).
Carter et al. also disclose the following features: regarding claim 14, wherein the desynchronization between the received packet and the sent packet satisfies the criterion if a number of received packets that are desynchronized with respect to the sent packet exceeds a count threshold within a specified time duration (Fig. 4, a diagram illustrating components used to handle situations in which acknowledgement loops occur in accordance with an illustrative embodiment of the present invention, see teachings in [0040-0052 &0056] summarized as “the desynchronization between the endpoints 402 and 404 is reached when an acknowledgement packet containing a sequence number for data is not yet received and each time the counter is incremented when the sent packet is not received, and the counter reading is compared to a threshold to determine whether the threshold count has exceeded”); regarding claim 15, wherein the instructions are execrable on the processor to further detect a presence of the acknowledgment storm based on an inconsistency of a property in a header of the received packet or the sent packet, the property selected from among a window size, a timestamp, and a selective acknowledgment field (Fig. 4, a diagram illustrating 
Carter et al. is short of expressly teaching “recreate a network connection at the first 1/O module based on a state of the network connection at a second 1/O module that has experienced a fault”.
Jalan et al. disclose a method and system to facilitate network access control and prevent malicious attacks with the following features: regarding claim 12, recreate a network connection at the first 1/O module based on a state of the network connection at a second 1/O module that has experienced a fault (Fig. 1, a network arrangement that provides network access control in accordance with the present disclosure, see teachings in [0023, 0026, 0034-0038, 0058 & 0062] summarized as “recreate a network connection at the first 1/O module based on a state of the network connection at a second 1/O module that has experienced a fault (i.e. network topology 100 may include a number of host servers 105A-N, a number of switches, such as switch 110A and switch 110E combining/coupling the host servers 105A-N and thus, an ADC 115 including one (or more) ADC switches, such as ADC switch 120A and ADC switch 120B which may operate in different modes, such as  active and standby mode, plurality of clients 130A-N, local DNS Servers 140A-N and host servers, establishing a connection between two network devices such as a client device and a server, is through the use of a SYN packet, to synchronize the sequence numbers of the two devices of SYN packets it receives, such that it doesn't have enough resources to respond to all of the requests, and thus is unable to respond to any of them ACK attack/storm may occur 
It would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Carter et al. by using the features as taught by Jalan et al. in order to provide a more effective and efficient system that is capable of recreating a network connection at the first 1/O module based on a state of the network connection at a second 1/O module that has experienced a fault. The motivation of using these functions is that it is more cost effective and dynamic.
Jalan et al. also discloses the following features: regarding claim 18, wherein the recreating of the network connection at the first 1/O module is responsive to a failover request from a device coupled to the first and second 1/O modules (Fig. 1, a network arrangement that provides network access control in accordance with the present disclosure, see teachings in [0034-0038, 0058 & 0062] summarized as “the ADC 115 comprising of the ADC switches 120A and 120B provide redundancy protection and failover protection by using the information of the ack attack/storm and creating the network connection with switching over by the controller 115 at the second I/O module (Host server 105).
Regarding claim 19:
Carter et al. disclose a method and apparatus for preventing network outages with the following features: regarding claim 19, a method performed by a device, comprising: initiating an acknowledgement storm detection process in response to failover of a Transmission Control Protocol (TCP) connection from a first 1/O module to a second 1/O module, wherein the acknowledgement storm detection process comprises: detecting a pattern of mismatches between sequence or acknowledgment numbers in received packets and sent packets, and in response to the detecting, reset the TCP connection (Fig. 4, a diagram illustrating components used to handle situations in which acknowledgement loops occur in accordance with an illustrative embodiment of the present invention, see teachings in [0009-0014, 0040-0052 &0056] summarized as “a method performed by a device, comprising: initiating an acknowledgement storm detection process in response to failover of a Transmission Control Protocol (TCP) connection from a first 1/O module to a second 1/O module (i.e. a computer implemented method, apparatus, and computer usable program code to determine whether an acknowledgement storm has taken place, which is caused when both ends of the TCP connection may send acknowledgement packets back and forth over and over under desynchronization state, and as a result the network is flooded with acknowledgement packets and loop of acknowledgement packets being sent back and fourth between end points 402 and 404 and causing acknowledgement storm and as a result a afailure or crash in the end points may take place, wherein the endpoint 402 and the endpoint 404 may be considered as I/O modules), wherein the acknowledgement storm detection process comprises: detecting a pattern of mismatches between sequence or acknowledgment numbers in received packets and sent packets (i.e. detection of acknowledgement storm involving a desynchronized state may occur if a malicious user at end point 402 changes the sequence number such that the acknowledgement packet sent by end point 402 is for data not yet sent by end point 400 and additionally, a desynchronized state also may occur if middle box 410 pads or adds bytes to the data being sent to end point 404 and as a result, the acknowledgement packet sent by end point 404 may contain a sequence number for data not yet sent by end point 400, a counter is incremented if the sequence number in the acknowledgement packet is for data that has not yet been transmitted, once the counter reaches a threshold, it is determined that the desynchronized has occurred), and in response to the detecting, reset the TCP connection (i.e. after determining a desynchronization between two end points 402 and 404 has occurred and the acknowledgement loop may be repeated up to 3 times an action is initiated by sending a reset, RST, command to the other endpoints 402 and 404)”).
Carter et al. is short of expressly teaching “initiating an acknowledgement storm detection process in response to failover of a Transmission Control Protocol (TCP) connection from a first 1/O module to a second 1/O module”.
Jalan et al. disclose a method and system to facilitate network access control and prevent malicious attacks with the following features: regarding claim 19, initiating an acknowledgement storm detection process in response to failover of a Transmission Control Protocol (TCP) connection from a first 1/O module to a second 1/O module (Fig. 1, a network arrangement that provides network access control in accordance with the present disclosure, see teachings in [0023, 0026, 0034-0038, 0058 & 0062] initiating an acknowledgement storm detection process in response to failover of a Transmission Control Protocol (TCP) connection from a first 1/O module to a second 1/O module (i.e. network topology 100 may include a number of host servers 105A-N, a number of switches, such as switch 110A and switch 110E combining/coupling the host servers 105A-N and thus, an ADC 115 including one (or more) ADC switches, such as ADC switch 120A and ADC switch 120B which may operate in different modes, such as  active and standby mode, plurality of clients 130A-N, local DNS Servers 140A-N and host servers, establishing a connection between two network devices such as a client device and a server, is through the use of a SYN packet, to synchronize the sequence numbers of the two devices of SYN packets it receives, such that it doesn't have enough resources to respond to all of the requests, and thus is unable to respond to any of them ACK attack/storm may occur when a client device repeatedly sends ACK packets to a network device by continually attempting to reconstruct the SYN-cookie, and when due to ack attack/storm a traffic threshold is reached at the host server, the ADC 115 detects  the service may be forwarded to other host servers, and the ADC switch 120A, for example, operating in an active mode will fialover to the ADC switch 120B operating standby mode, and a detection procecedure starts to prevent malicious attacks such as a denial of service attack due to ack storm)”).
It would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Carter et al. by using the features as taught by Jalan et al. in order to provide a more effective and efficient system that is capable of initiating an acknowledgement storm detection .

Claim 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Carter et al. (US 20070168823 A1) in view of Jalan et al. (US 2014/0325588 A1) as applied to claim 1above, and further in view of Tee et al. (US 2018/0248850 A1).

Carter et al. and Jalan et al. disclose the claimed limitations as described in paragraph 4 above. Carter et al. and Jalan et al. do not expressly disclose the following features: regarding claim 7, wherein resetting the network connection comprises resetting the network connection with a zero linger timeout.
Tee et al. disclose apparatus and methods for improving network connections between computing devices with the following features: regarding claim 7, wherein resetting the network connection comprises resetting the network connection with a zero linger timeout (Fig. 2, a block diagram depicting an exemplary implementation of the proxy device depicted in fig. 1, see teachings in [0022, 0026, ] summarized as “in order for peak TCP throughput to be achieved on a link, a TCP transmitter will ideally fill the link's capacity with as much data as physically possible, while waiting for acknowledgements (ACKs), before sending the next sequence of data payload, the proxy server app 226 may be implemented as a user-space application, and in operation, the proxy server app 226 performs handshake operations, the closure notification module 224 and socket closure module 228 handle the closing of sockets by 
It would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Carter et al. with Jalan et al. by using the features as taught by Tee et al. in order to provide a more effective and efficient system that is capable of resetting the network connection comprises resetting the network connection with a zero linger timeout. The motivation of using these functions is that it is more cost effective and dynamic.

Claims 13 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Carter et al. (US 20070168823 A1) in view of Jalan et al. (US 2014/0325588 A1) as applied to claim 1above, and further in view of Chen et al. (US 2018/0109456 A1).

Carter et al. and Jalan et al. disclose the claimed limitations as described in paragraph 4 above. Carter et al. and Jalan et al. do not expressly disclose the following features: regarding claim 13, further comprising: an operating system kernel, the network stack and the instructions being part of the operating system kernel; regarding claim 20, wherein the acknowledgement storm detection process is performed by a module of an operating system kernel of the second 1/O module.
Chen et al. disclose a system, a method, and a device for network load balance processing with the following features: regarding claim 13, further comprising: an operating system kernel, the network stack and the instructions being part of the 


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED M BOKHARI whose telephone number is (571)270-3115.  The examiner can normally be reached on Monday through Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kwang B Yao can be reached on 5712723182.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-




/SYED M BOKHARI/            Examiner, Art Unit 2473
3/13/2021                      
/KWANG B YAO/Supervisory Patent Examiner, Art Unit 2473