DETAILED ACTION
	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 2/8/2021 has been entered.
- Claims 1-2, 12-13, 23-24 have been amended.
- No claims are added. Claims 4 and 15 have previously been cancelled.
- The double patenting rejection has been held in abeyance until the final scope of the claims has been determined.
- Claims 1-3, 5-14 and 16-30 are pending. 

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant’s Remarks filed on 2/8/2021 have been fully considered.
Arugments regarding an Official Notice taken in the previous office action is not persuasive. The office action did not rely on Official Notice, instead it relied on Applicant’s own definition of “spoofing” in the specification of the current invention, in particular [0017] which states that:

Therefore assigning a second anycast address for the plurality of data scrubbing appliances, as taught in Smith, discloses the recited spoofing because communication using the second anycast address would appear as if it is with a single scrubbing appliance.

Claim Rejections - 35 USC § 112(a)
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

Claims 1, 12 and 23 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. These claims recite “a second anycast address for the distributed network” however the original disclosure supports only a second anycast address for the plurality of scrubbing centers.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 8, 10-13, 19, 21-24, 27 and 29-30 are rejected under 35 U.S.C. 103 as being unpatentable over Smith et al (US Pub.No. 2016/0241590) in view of Applicant disclosed reference Agarwal et al “DdoS Mitigation via Regional Cleaning Centers”, Sprint ATL Research Report RR04-ATL-013177, January 2004.

Re Claim 1. Smith discloses a method of providing infrastructure protection for a server of a network organization, the method comprising: announcing an internet protocol (IP) address range associated with the network organization using a border gateway protocol (BGP) on an edge server of a distributed network of edge servers (i.e. The method 300 might comprise assigning a first anycast IP address to each of a plurality of servers and/or assigning a second anycast IP address to each of a plurality of data scrubbing appliances or data scrubbers ("DS") (block 305). Any suitable technique can be used to anycast an address. Merely by way of example, in some embodiments, each device (e.g., server or DS, respectively) in the same group can be configured with the anycast IP address and border gateway protocol ("BGP") can be used to advertise the anycast IP address on different subnets or different network segments) [Smith, para.0038,0023], (i.e. 
anycasting can be considered any technique by which a group of devices is addressed with a single IP address) [Smith, para.0029, advertising an anycast IP address used to address a group of devices each having an IP address discloses announcing an IP address range], the IP address range identifying a list of IP addresses (i.e. the DS routers 115 might have static routes 150 configured to unicast IP addresses assigned to each server 105) [para.0034, servers 105 are a plurality of servers each having an IP address, therefore a list of IP addresses] owned by the network organization (i.e. methods for redirecting network traffic (e.g., requests from hosts on the Internet to servers at an Internet service provider ("ISP"), servers at a content provider, etc.) that is originally destined for a series of servers that all respond to the same IP address using a technique known in the art as "anycasting") [Smith, para.0023]; receiving an incoming network packet intended for the server of the network organization identified using a public IP address within the IP address range, the public IP address serving as a first anycast address for a distributed network of edge servers (i.e. in a routing table at one or more network elements, a first route directing, to the data scrubbing appliances, network traffic addressed to the destination server (first) anycast IP address (block 310). In one embodiment, this is accomplished using a technique resembling traffic diversion) [Smith, para.0039]; determining, by the distributed network, whether the incoming network packet is legitimate (i.e. the plurality of data scrubbing appliances might be configured to receive network traffic addressed to the first anycast IP address, filter the network traffic to block undesirable network traffic, and/or transmit the filtered network traffic, via one or more network tunnels, to one or more of the plurality of servers) [Smith, para.0012]; 
When this traffic is cleaned by one or more specialized filtering devices in the center, the legitimate traffic is redirected to the destination ……..identify the legitimate traffic, and allow only that traffic to exit the device) [Agarwal, p.2.col.2, p.3, col.2], [Agrawal, p.8, col.2, discloses using GRE tunneling].
 	Smith also discloses routing using generic routing encapsulation (GRE) (e.g. DS router 115 and server router 120) is configured to establish a network tunnel 125 (and in the particular case of the routers 115a and 120a, the tunnel 125a, and in the case of DS router 115a and server router 120b, tunnel 125b, and so on) to transport traffic between them. These tunnels 125, which can be virtual private network ("VPN") tunnels, multiprotocol label switching ("MPLS") tunnels, Internet protocol security ("IPSec") tunnels, generic routing encapsulation ("GRE") tunnels, or any other type of tunneling technology that can function to encapsulate traffic and allow custom routing between a DS router 115 and corresponding server router 120) [Smith, para.0031];
 	Smith further discloses: wherein a spoofed source IP address serves as a second anycast address for the distributed network (i.e. assigning a second anycast IP address to each of a plurality of data scrubbing appliances or data scrubbers ("DS") (block 305). Any suitable technique can be used to anycast an address. Merely by way of example, in some embodiments, each device (e.g., server or DS, respectively) in the same group can be configured with the anycast IP address and border gateway protocol ("BGP") can be used to advertise the anycast IP address on different subnets or different network segments) [Smith, para.0038].
 	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify Smith with Agarwal because by deploying cleaning centers inside ISP backbones, we are no longer victim to DDoS attacks saturating under-provisioned edge links. We are no longer placing the burden of DDoS attack mitigation with large numbers of enterprise networks, but instead placing the burden with the fewer numbers of ISPs. Further, large numbers of devices and cleaning centers in an ISP are amortized among many enterprise customers. A single point of failure will no longer exist [Agrawal, p.2, col.1].

Re Claims 12 and 23. These claims disclose features similar to those recited in claim 1 and therefore they are rejected in a similar manner.

Re Claims 2, 13 and 24. Smith in view of Agarwal discloses the features of claims 1, 12 and 23, Smith in view of Agrawal further discloses wherein routing using the GRE comprises: encapsulating, at the distributed network, the incoming network packet with first header information including a destination address comprising the private IP address for the server (i.e. Another tunneling technique is GRE (generic routing encapsulation). Unlike L2TPv3, GRE does not create a virtual layer-2 connection. Instead, packets are encapsulated inside a new IPv4 packet with a different destination address. At the destination, the packets can be decapsulated. However, the GRE header requires 8 bytes and the additional IPv4 delivery header requires 20 bytes which reduces the MTU [27], as in L2TPv3. However, for both GRE and L2TPv3, the routers inside the ISP can be reconfigured to allow MTUs greater than 1500) [Agarwal, p.8, col.2, section B5], the private IP address unknown to an end user (i.e. DS router (e.g., 115a) receiving traffic from an data scrubber (e.g., 110a) can implement load balancing among the servers 105 by selecting different tunnels (e.g., 125a, 125b, 125c) or different static routes (e.g., 150a, 150b, 150c) in any desired fashion (e.g., round robin, etc.) when routing traffic to the servers 105. In some cases, both the static routes 150 and the tunnels 125 can be implemented in the same embodiment, so that a DS router (e.g., 115a) might have a series of static routes (e.g., 150a, 150b, 150c) configured and a series of tunnels (e.g., 125a, 125b, 125c) established for routing filtered traffic to the servers 105) [Smith, para.0034, the private IP address is unknown to the user because the user does not know which server the load balancing algorithm will select);
 	Agarwal further discloses: and transmitting the encapsulated incoming network packet to the server at the private IP address based on the first header information (i.e. When this traffic is cleaned by one or more specialized filtering devices in the center, the legitimate traffic is redirected to the destination ……..identify the legitimate traffic, and allow only that traffic to exit the device) [Agarwal, p.2.col.2, p.3, col.2].  
 	The same motivation to modify Smith with Agarwal, as in claim 1, applies.

Re Claims 8, 19 and 27. Smith in view of Agarwal discloses the features of claims 1, 12 and 23, Agrawal further discloses wherein the edge server is nearest an end user (i.e. Each cleaning center can be assigned a particular prefix. This way, load can be balanced across different centers. Alternatively, each cleaning center can announce the same victim prefixes. The ingress router for each of the cleaning centers will have the same loopback address. The IGP will pick the closest cleaning center to use. This is a form of anycast) [Agarwal, p.3, col.1-2, and p.7, col.2].
	The same motivation to modify Smith with Agarwal, as in claim 1, applies.

Re Claims 10, 21 and 29. Smith in view of Agarwal discloses the features of claims 1, 12 and 23, Smith further discloses wherein the edge server is an anycast edge server (i.e. The system 100 also comprises a plurality of data scrubbing appliances 110 (also referred to herein as "data scrubbers" and "data scrubbing devices"). In some embodiments, the data scrubbing appliances 110 are anycast to a single IP address (which is a different address than the address assigned to the servers 105)) [Smith, para.0030].  

Re Claims 11, 22 and 30. Smith in view of Agarwal discloses the features of claims 1, 12 and 23, Smith in view of Agarwal does not explicitly disclose however it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify Smith to include: wherein a scrubbing center comprises the distributed network of edge servers because it is suggested as a possible variation (i.e. if the data scrubber infrastructure comprises four scrubbing center) [Smith, para.0006].  

Claims 3, 6-7, 14, 17-18 and 25 are rejected under 35 U.S.C. 103 as being unpatentable over Smith in view of Applicant disclosed reference Agarwal et al as applied to claims 2, 13 and 24, further in view of Applicant disclosed reference Huici et al “An edge-to-edge filtering architecture agains DoS”, ACM SIGCOMM Computer Communication Review, April 2007, pp.41-50, vol.37, No.2.

Re Claims 3, 14 and 25. Smith in view of Agarwal discloses the features of claims 2, 13 and 24, Smith in view of Agarwal does not explicitly disclose whereas Smith in view of Agarwal and Huici does: further discloses: comprising receiving an encapsulated outgoing network packet from the server, wherein the encapsulated outgoing network packet is an outgoing network packet which has been encapsulated by the server (i.e. If packets from a client to a server are encapsulated, should the reverse path traffic also be encapsulated? If it is encapsulated, should the forward-path encapsulator serve as the reverse-path decapsulator? ....................The decapsulator should be able to ask another decapsulator for the list of encapsulators corresponding to a specific client address handled by that decapsulator. The architecture does not require either, but there are advantages if both are true) [Huici, p.46, col.11-2 sections 4.1 - 4.2],  
 	Smith in view of Agarwal and Huici does not explicitly disclose: with header information comprising an anycast address, however Smith discloses assigning an anycast address for the scrubbing appliances (i.e. each device (e.g., server or DS, respectively) in the same group can be configured with the anycast IP address and border gateway protocol ("BGP") can be used to advertise the anycast IP address on different subnets or different network segments) [Smith, para.0038]; therefore it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify Smith in view of Agarwal and Huici to include the anycast address of the scrubbing centers in the header information because the anycast address is the only advertised address for the scrubbing centers and therefore including that address in the 
 	Huici further discloses: decapsulating the outgoing network packet to generate a decapuslated outgoing network packet by removing the encapsulation added by the server that includes the header information (i.e. At the decapsulator, the outer encapsulation header is removed) [Huici, p.42, col.2, section 2.1], (i.e. To perform edge-to-edge encapsulation, the encapsulator needs to know how to map the destination IP address from a data packet to the address of the relevant decapsulator. Essentially this is a routing problem, and this information could in principle be conveyed by BGP…..The mapping from network prefix to decapsulator address or addresses is relatively static, so we suggest that a separate dissemination channel be used to distribute these mappings) [Huici, p.42, col.2, section 2.2], (i.e. If packets from a client to a server are encapsulated, should the reverse path traffic also be encapsulated? If it is encapsulated, should the forward-path encapsulator serve as the reverse-path decapsulator? ....................The decapsulator should be able to ask another decapsulator for the list of encapsulators corresponding to a specific client address handled by that decapsulator) [Huici, p.46, col.1-2 sections 4.1 - 4.2]; and transmitting the decapsulated outgoing network packet to the end user (i.e. At the decapsulator, the outer encapsulation header is removed, and the packet is forwarded on to the server (i.e. destination)) [Huici, p.42, col.2, section 2.1, note: in a reverse-path the destination is the user]. 
	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify Smith in view of Agarwal with Huici in order to provide a simple and effective architectural defense against distributed DoS attacks that requires no changes to the end-hosts, minimal changes to the network core, is robust to spoofing, provides incentives for initial deployment, and can be built with off-the-shelf hardware [Huici, Abstract].

Re Claims 6 and 17. Smith in view of Agarwal and Huici discloses the features of claims 3 and 14, Agarwal further discloses wherein the received encapsulated outgoing network packet is received at a network organization and routed external to the server (i.e. When this traffic is cleaned by one or more specialized filtering devices in the center, the legitimate traffic is redirected to the destination) [Agarwal, p.2, col.2].
	The same motivation to modify Smith with Agarwal, as in claim 1, applies.

Re Claims 7 and 18. Smith in view of Agarwal and Huici discloses the features of claims 6 and 17, Smith further discloses wherein the server is one of a plurality of servers in the network organization (i.e. provide an architecture, systems, and/or methods for redirecting network traffic (e.g., requests from hosts on the Internet to servers at an Internet service provider ("ISP"), servers at a content provider, etc.) that is originally destined for a series of servers that all respond to the same IP address (using a technique known in the art as "anycasting"). This architecture can route the traffic through a series of data scrubbing devices (also referred to as "data scrubbing appliances") via an anycast IP address) [Smith, para.0023].  

 	 Claims 5, 16 and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Smith in view of Agarwal and Huici as applied to claims 3, 14 and 25, further in view of Foo et al (US Pub. No.2015/0156035).

Re Claims 5 and 16. Smith in view of Agarwal and Huici discloses the features of claims 3 and 14, Huici further discloses: wherein the decapsulating is performed by the processor at an edge server [Huici, p.46, col.1-2 section 4.1- 4.2].
	The same motivation to modify Smith-Agrawal with Huici, as in claim 3, applies.
 	Smith-Agarwal-Huici does not explicitly disclose that the selected edge server is nearest the server whereas Foo does (i.e. A SDNS node 304 (e.g., an intermediate node) nearest or connected to a specified next service device 312 may receive and decapsulate the data packet. Based on the tag or other information in the payload of the data packet, the intermediate SDNS node 304 may determine that the data packet should be forwarded to the attached service device 312 for processing. Based on this determination, the intermediate SDNS node 304 may forward the decapsulated native data packet to a service device 312 connected to the SDNS node 304 for processing by the service device 312. The service device 312 may return the processed data packet back to the SDNS node 304 from which the service device 312 received the data packet) [Foo, para.0028].
 	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify Smith-Agarwal-Huici with Foo because it  may reduce operation expenses as compared with current or traditional methods of implementation or deployment of network services. Additionally, the disclosed systems and methods may provide a more flexible use of existing resources and improve the long-term data center lifecycle. The disclosed systems and methods may also enable services virtualization [Foo, para.0025].

 Re Claim 26, the features in this claim are similar to features recited in claims 5 and 6, therefore it is rejected in a manner similar to the rejections applied to claim 5 and 6.

Claims 9, 20 and 28 are rejected under 35 U.S.C. 103 as being unpatentable over Smith in view of Agarwal et al as applied to claims 8, 19 and 27, further in view of Mahaffey et al (US Pub.No.2015/0188949).

Re Claims 9, 20 and 28. Smith in view of Agarwal discloses the features of claims 8, 19 and 27, Agarwal further discloses: wherein the edge server nearest the end user comprises one selected from the group consisting of geographically closest (i.e. Each cleaning center can be assigned a particular prefix. This way, load can be balanced across different centers. Alternatively, each cleaning center can announce the same victim prefixes. The ingress router for each of the cleaning centers will have the same loopback address. The IGP will pick the closest cleaning center to use. This is a form of anycast) [Agarwal, p.3, col.1-col.2, and p.7, col.2],
 	The same motivation to modify with Agarwal, as in claim 1, applies.
 	Smith in view of Agarwal does not explicitly disclose whereas Smith in view of Agarwal and Mahaffey does: lowest cost (i.e. For a forward path, such as client to internet via PoP, the decision of which real network interface to use may be based on an up/down status of the real network interface………Or it may include a cost of routing e.g., Wi-Fi networks may be cheaper than non-Wi-Fi, but in some cases may be slower) [Mahaffey, para.0442], healthiest (i.e. The decision process may use information collected by, for example: measuring the latency or packet loss of a particular carrier to a known location on their network…..using a known dataset of current route health statistics) [Mahaffey, para.0452], with the least congested route (i.e. The preferred transport may take the effect of routing packets via less congested routes, or other forms of QoS) [Mahaffey, para.0455], (i.e. Border Gateway Protocol (BGP) may use metrics relating to the length (in terms of number of unique autonomous systems) of a route (e.g., AS-path) in order to route packets), and another distance measure [Mahaffey, para.0450].  
  	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify Smith-Agarwal with Mahaffey because with Mahaffey statistics are gathered about various routes so optimal routing decisions between all points in the network can be made [Mahaffey, para.0453].

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NOURA ZOUBAIR whose telephone number is (571)270-7285.  The examiner can normally be reached on Monday - Friday. 
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434