DETAILED ACTION

This action is in response to the communication filed on 2/25/21.
Claims 1 – 20 are pending.
Any references to applicant’s specification are made by way of applicant’s U.S. pre-grant printed patent publication, U.S. 2019/0342327 A1.

Election/Restrictions

Claims 8 – 20 are withdrawn from further consideration pursuant to 37 CFR 1.142(b) as being drawn to a nonelected invention, there being no allowable generic or linking claim. Election was made without traverse in the reply filed on 2/25/21.

Drawings

The drawings are objected to under 37 CFR 1.83(a).  The drawings must show every feature of the invention specified in the claims.  Therefore, the below noted features must be shown or the feature(s) canceled from the claim(s).  No new matter should be entered.
The features of claim 1 are not illustrated within the drawings:
“…verifying that a request count maintained by the server is less than the session threshold…”.  The examiner notes that the drawings actually disclose verifying that the request count is less than a request threshold (e.g. fig. 5:520).
“…responsive to verifying that the request count is less than the session threshold, sending a challenge message to the client …”.  The examiner notes that the drawings actually disclose that a challenge message is sent to a client responsive to verifying that the session count is less than a session threshold (e.g. fig. 5:535).
“…responsive to verifying that the request count is less than the session threshold, … incrementing the request count …”.  The examiner notes that the drawings actually disclose that the request count is incremented when the client sends a request message (e.g. fig. 5:515).
“…responsive to verifying the response message and establishing a session with the client, incrementing the session count …”.  The examiner notes that the drawings actually disclose that the session count is incremented when the request count is verified as being less than the request threshold (e.g. fig. 5:530).
“…and responsive to terminating the session with the client, decrementing …the request count …”.  The examiner notes that the drawings actually disclose decrementing the request count responsive to the client sending a solution to the problem (e.g. fig. 5:565).


“…responsive to receiving the request, discarding the request in response to determining that the request count equals the session threshold …”.  The examiner notes that the drawings actually disclose discarding a request when the request count is not less than a request threshold (e.g. fig. 5:535).

The features of claim 3 are not illustrated within the drawings:
“…prior to sending the challenge message, verifying that a request count is less than a session count …”.  The examiner notes that the drawings actually disclose that prior to sending the challenge message, the session count is verified to be less than a session threshold (e.g. fig. 5:535).

The features of claim 4 are not illustrated within the drawings:
“…monitoring a time period when the request count equals the session threshold …”.  

The features of claim 5 are not illustrated within the drawings:
“…monitoring a time period when the request count equals the session threshold; and responsive to the time period exceeding threshold time, setting the request count equal to the session count …”.  

The features of claim 6 are not illustrated within the drawings:
monitoring a time period when the request count equals the session threshold; responsive to the time period exceeding threshold time, determining whether the session count is less than the session threshold; and responsive to determining that the session count is less than the session threshold, setting the request count equal to the session count.…”.  

Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.



Specification

The specification is objected to as failing to provide proper antecedent basis for the claimed subject matter.  See 37 CFR 1.75(d)(1) and MPEP § 608.01(o).  Correction of the following is required: 
The features of claim 1 are not adequately disclosed by the applicant’s specification:
“…verifying that a request count maintained by the server is less than the session threshold…”.  The examiner notes that the drawings actually disclose verifying that the request count is less than a request threshold (e.g. fig. 5:520).
“…responsive to verifying that the request count is less than the session threshold, sending a challenge message to the client …”.  The examiner notes that the drawings actually disclose that a challenge message is sent to a client responsive to verifying that the session count is less than a session threshold (e.g. fig. 5:535).
“…responsive to verifying that the request count is less than the session threshold, … incrementing the request count …”.  The examiner notes that the drawings actually disclose that the request count is incremented when the client sends a request message (e.g. fig. 5:515).
“…responsive to verifying the response message and establishing a session with the client, incrementing the session count …”.  The examiner notes that the drawings actually disclose that the session count is incremented when the request count is verified as being less than the request threshold (e.g. fig. 5:530).
and responsive to terminating the session with the client, decrementing …the request count …”.  The examiner notes that the drawings actually disclose decrementing the request count responsive to the client sending a solution to the problem (e.g. fig. 5:565).

The features of claim 2 are not adequately disclosed by the applicant’s specification:
 “…responsive to receiving the request, discarding the request in response to determining that the request count equals the session threshold …”.  The examiner notes that the drawings actually disclose discarding a request when the request count is not less than a request threshold (e.g. fig. 5:535).

The features of claim 3 are not adequately disclosed by the applicant’s specification:
 “…prior to sending the challenge message, verifying that a request count is less than a session count …”.  The examiner notes that the drawings actually disclose that prior to sending the challenge message, the session count is verified to be less than a session threshold (e.g. fig. 5:535).


Claim Rejections - 35 USC § 112

The following is a quotation of the first paragraph of 35 U.S.C. 112(a):


The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1 – 7 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.  Please see above objection to the specification.

Furthermore, regarding claim 4, the applicant fails to adequately disclose the step of “monitoring a time period when the request count equals the session threshold”.  Rather, instead of a clearly disclosing a “time period”, the applicant vaguely describes a condition of “some time”, where said “some time” (e.g. par. 22) is never exemplified nor described in a manner for ascertaining how this period of time is determined or monitored.




The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1 – 7 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

Regarding claim 1, the recitation “…verifying that a request count maintained by the server is less than the session threshold…”  renders the scope of the claims indefinite.  Specifically, it is unclear to one of ordinary skill as to why the request count is verified against the session threshold.  Furthermore, and in contrast, the examiner notes that the applicant’s specification actually discloses verifying that the request count is less than a request threshold (e.g. fig. 5:520).  

Regarding claim 1, the recitation “…responsive to verifying that the request count is less than the session threshold, sending a challenge message to the client …”.  session count is less than a session threshold (e.g. fig. 5:535).

Regarding claim 1, the recitation “…responsive to verifying that the request count is less than the session threshold … incrementing the request count …” renders the scope of the claims indefinite.  Specifically, it is unclear to one of ordinary skill as to why the request count is incremented responsive to verifying that the request account is less than a session threshold.  Logically, a request count should be incremented when a request is received.  Furthermore, the examiner notes that the applicant’s specification actually discloses that the request count is incremented when the client sends a request message (e.g. fig. 5:515).

Regarding claim 1, the recitation “…responsive to verifying the response message and establishing a session with the client, incrementing the session count …” renders the scope of the claims indefinite.  Specifically, it is unclear to one of ordinary skill as to why the session count is incremented responsive to verifying the response message and establishing a session.  An incremented session count is required to determine if it less than a session threshold, thus it the session count should be implemented before establishing the session.  Furthermore, the examiner notes that the 

Regarding claim 1, the recitation “…and responsive to terminating the session with the client, decrementing …the request count …”.  renders the scope of the claims indefinite.  Specifically, it is unclear to one of ordinary skill as to why the request count is decremented after terminating a session.  Logically, a request count would be decremented after the request is determined to be valid.  Furthermore, the examiner notes that the applicant’s specification actually discloses decrementing the request count responsive to the client sending a solution to the problem (e.g. fig. 5:565).

Regarding claim 2, the recitation “…responsive to receiving the request, discarding the request in response to determining that the request count equals the session threshold …” renders the scope of the claims indefinite.  Specifically, it is unclear to one of ordinary skill as to why request is discarded after verifying if the request count is equal to a session threshold.  Logically, a request would be discarded if the request count is greater than a request threshold.  Furthermore, the examiner notes that the applicant’s specification actually discloses discarding a request when the request count is not less than a request threshold (e.g. fig. 5:535).

Regarding claim 3, the recitation “…prior to sending the challenge message, verifying that a request count is less than a session count …”.  renders the scope of the claims indefinite.  Furthermore, and in contrast, the examiner notes that the applicant’s session count is verified to be less than a session threshold (e.g. fig. 5:535).

Furthermore, regarding claim 3, the recitations of “a request count” and “a session count” renders the scope of the claims ambiguous.  Specifically, it is unclear if the applicant is attempting to introduce new and secondary “request” and “session” counts, or if the applicant is attempting to reference the previously claimed “request count” and “session count” as recited within claim 1.

Regarding claim 4, the recitation of “monitoring a time period when the request count equals the session threshold” renders the scope of the claims indefinite.  Specifically, the “time period” for monitoring when a request count equals a session threshold does not appear to be standard within the art.  Furthermore, the applicant’s specification fails to provide any example or standard for ascertaining the “time period” in question.  Instead, the applicant only discloses an ambiguous period of “some time” (e.g. par. 22).  Thus, the claims are indefinite in scope.  

Regarding claims 5 and 6, the recitation of “threshold time” renders the scope of the claims indefinite.  Specifically, claims are to be interpreted in light of the applicant’s specification, however, in this case the applicant fails to provide any clear means for interpreting the scope of “threshold time”.  Thus, one of ordinary skill in the art is not enabled to identify how the “threshold time” is determined or established.  Therefore, the scope of the claims are indefinite.

	All depending claims are rejected by virtue of dependency.


Claim Rejections - 35 USC § 102

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of pre-AIA  35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on sale in this country, more than one year prior to the date of application for patent in the United States.


Claims 1 – 4 are rejected under pre-AIA  35 U.S.C. 102(b) as being anticipated by Juels et al. (Juels), “Client Puzzles: A Cryptographic Countermeasure Against Connection Depletion Attacks”.

	Regarding claim 1, as best understood in view of the above noted deficiencies, Juels discloses:
A method for protecting a server against denial of service attacks (e.g. Juels, abstract), comprising: maintaining, by a server having a processing device for verifying legitimate requests for service, a session count (e.g. Juels, sect. 3.3, par. 2 – filled slots in B)  and a session threshold (e.g. Juels, sect. 3.2, par. 3 – “maxcon+b”) the session count indicating a quantity of active client sessions the server is maintaining and the session threshold specifying a maximum quantity of concurrent client sessions the server can maintain (e.g. Juels, sect. 3.2, par. 3, 4);
responsive to receiving a request from a client, verifying that a request count  (e.g. Juels, sect. 3.1, par. 1 – ith execution of M) maintained by the server is less than the session threshold (e.g. Juels, sect. 3.1, par. 1; sect. 3.2, par. 3; sect. 3.3, par. 2 -  ith execution of M is determined to be greater than maxcon but less than “maxcon+b”); 
responsive to verifying that the request count is less than the session threshold, sending a challenge message to the client and incrementing the request count (e.g. Juels, sect. 3.3, par. 2 – client receives puzzle);
receiving a response message to the challenge message from the client; responsive to verifying the response message and establishing a session with the client, incrementing the session count (e.g. Juels, sect. 3.3, par. 2 – server establishes session an increments the number of filled slots in B); 
and responsive to terminating the session with the client, decrementing the session count and the request count (e.g. Juels, sect. 3.2, par. 5; sect. 3.3, par. 2 – filled slots in B and the ith execution of M is reduced). 

Regarding claim 2, Juels discloses:
responsive to receiving the request, discarding the request in response to determining that the request count equals the session threshold (e.g. Juels, sect. 2, par. th request is greater than the server’s capability (i.e. maxcon+b) then the request is discarded). 

Regarding claim 3, Juels discloses:
prior to sending the challenge message, verifying that a request count is less than a session count (e.g. Juels, sect. 3.1, par. 1; sect. 3.2, par. 3; sect. 3.3, par. 2 -  ith execution of M is determined to be greater than maxcon but less than “maxcon+b”). 

Regarding claim 4, Juels discloses:
further comprising monitoring a time period when the request count equals the session threshold (e.g. Juels, sect. 3.2, par. 5). 


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEFFERY L WILLIAMS whose telephone number is (571)272-7965.  The examiner can normally be reached on 7:30 am - 4:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/JEFFERY L WILLIAMS/Primary Examiner, Art Unit 2495