DETAILED ACTION

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-8, 10-20 are rejected under 35 U.S.C. 103 as being unpatentable over Boodaei (US 20140130152 A1) in view of Nakhre (US 20110113489 A1), and further in view of Chuah (US 20040054924 A1).
Regarding Claim 1, 13, 18

Boodaei teaches:

A computer-implemented method, comprising: determining, by one or more processors, that a destination has been retained as a link in an application based on monitoring connections of the application to one or more destinations (¶19 defending a computer system comprising a DNS server against a DoS or a DDoS attack directed at said DNS server, comprising replacing the address of said system provided by a user to a client software with an alternative address, wherein said address is replaced by a software agent associated with said user, such that said client software is capable of connecting with said system ¶33 monitoring the DNS server and for identifying DDoS activity, ¶34 if the configuration server itself is not responsive the software agent transitions to the alternative DNS/static IP address on the assumption that the configuration server itself has come under DDoS attack); 
 

monitoring, by the one or more processors, connections of the application to the destination retained as the link, wherein each connection comprises the application providing a locator of the destination to one or more servers to obtain an address for the destination from the one or more servers, based on providing the locator (¶19 defending a computer system comprising a DNS server against a DoS or a DDoS attack directed at said DNS server, comprising replacing the address of said system provided by a user to a client software with an alternative address, wherein said address is replaced by a software agent associated with said user, such that said client software is capable of connecting with said system ¶33 monitoring the DNS server and for identifying DDoS activity, ¶34 if the configuration server itself is not responsive the software agent transitions to the alternative DNS/static IP address on the assumption that the configuration server itself has come under DDoS attack); 

(¶34 if the configuration server itself is not responsive (connection is incomplete after a time period calculated relative to the average time period has lapsed) the software agent transitions to the alternative DNS/static IP address (application has initiated a new connection to the destination) on the assumption that the configuration server itself has come under DDoS attack); and 

providing, by the one or more processors, for each connection of the monitored connections of the application to the destination within the given time period, the address obtained from the one or more servers, as selectable options in a user interface of the application (¶19 defending a computer system comprising a DNS server against a DoS or a DDoS attack directed at said DNS server, comprising replacing the address of said system provided by a user to a client software with an alternative address, wherein said address is replaced by a software agent associated with said user, such that said client software is capable of connecting with said system ¶33 monitoring the DNS server and for identifying DDoS activity, ¶34 if the configuration server itself is not responsive the software agent transitions to the alternative DNS/static IP address on the assumption that the configuration server itself has come under DDoS attack).

Boodaei does not teach:

determining, by the one or more processors, based on monitoring the connections of the application to the destination, an average time period measured from providing the locator of the destination to the one or more servers to obtaining the address from the one or more servers; 

retaining, by the one or more processors, for each connection of the monitored connections of the application to the destination within a given time period, the address obtained from the one or more servers;

Nakhre teaches:

determining, by the one or more processors, based on monitoring the connections of the application to the destination, an average time period measured from providing the locator of the destination to the one or more servers to obtaining the address from the one or more servers (¶15-¶19 DDoS on DNS floods the DNS server with DNS request messages (providing the locator of the destination to the one or more servers to obtaining the address from the one or more servers), detect changes in the packet traffic at one or more routers or nodes in the network being monitored, changes are detected by comparing traffic in real-time or over a pre-set period to a baseline measure of traffic at the nodes); 


Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Boodaei in light of Nakhre in order to impose limits on network usage on a per subscriber and per application or port basis; this way, the network may be protected from the affected subscribers without restricting the subscribers' usage of all services provided over the network (Nakhre ¶19).

Boodaei-Nakhre does not teach:

retaining, by the one or more processors, for each connection of the monitored connections of the application to the destination within a given time period, the address obtained from the one or more servers; 

Chuah teaches:

retaining, by the one or more processors, for each connection of the monitored connections of the application to the destination within a given time period, the address obtained from the one or more servers (¶46 adapted to continuously monitor the number of distinct source and destination IP addresses across a fixed number total packet arrival and over a fixed time interval, adapted to examine, and the storage section 203 is adapted to store, the number of distinct source and destination IP addresses received, monitoring section 204 may also be adapted to utilize normal-congestion-time numbers to determine when such "normal" numbers sufficiently fluctuate as a way of monitoring DDOS attacks); 
(Chuah ¶46).


Regarding Claim 2, 14, 19

Boodaei-Nakhre-Chuah teaches:
The computer-implemented method of claim 1

Boodaei teaches:

The computer-implemented method of claim 1, further comprising: obtaining, by the one or more processors, a selection of a selectable option of the selectable options in the user interface of the application (¶25 the browser of a user who is attempting to connect to that system is not able to obtain DNS resolution of the hostname/domain of that system, the user's browser is directed to a different address than selected by the user.  Said different address can be created in a variety of manners and it replaces the hostname or other address originally submitted to the browser by the user (either by using a bookmark or by typing it) in a manner that is transparent to the user himself ¶34 if the configuration server itself is not responsive (connection is incomplete after a time period calculated relative to the average time period has lapsed) the software agent transitions to the alternative DNS/static IP address (application has initiated a new connection to the destination) on the assumption that the configuration server itself has come under DDoS attack); and

completing, by the one or more processors, the new connection, via the application, to the destination, based on utilizing an address associated with the selection, wherein completing the connection comprises bypassing the one or more servers (¶25 the browser of a user who is attempting to connect to that system is not able to obtain DNS resolution of the hostname/domain of that system, the user's browser is directed to a different address than selected by the user.  Said different address can be created in a variety of manners and it replaces the hostname or other address originally submitted to the browser by the user (either by using a bookmark or by typing it) in a manner that is transparent to the user himself ¶34 if the configuration server itself is not responsive (connection is incomplete after a time period calculated relative to the average time period has lapsed) the software agent transitions to the alternative DNS/static IP address (application has initiated a new connection to the destination) on the assumption that the configuration server itself has come under DDoS attack)


Regarding Claim 3, 15, 20
Boodaei-Nakhre-Chuah teaches:
The computer-implemented method of claim 1

Boodaei teaches:

The computer-implemented method of claim 2, further comprising: continuously submitting, by the one or more processors, via the application, the locator to the one or more servers to obtain an address of the destination (¶25 the browser of a user who is attempting to connect to that system is not able to obtain DNS resolution of the hostname/domain of that system, the user's browser is directed to a different address than selected by the user.  Said different address can be created in a variety of manners and it replaces the hostname or other address originally submitted to the browser by the user (either by using a bookmark or by typing it) in a manner that is transparent to the user himself ¶34 if the configuration server itself is not responsive (connection is incomplete after a time period calculated relative to the average time period has lapsed) the software agent transitions to the alternative DNS/static IP address (application has initiated a new connection to the destination) on the assumption that the configuration server itself has come under DDoS attack); and 

determining, by the one or more processors, that a submission during the continuously transmitting resulted in obtaining the address of the destination from the one or more servers within a threshold time difference from the average time (¶25 the browser of a user who is attempting to connect to that system is not able to obtain DNS resolution of the hostname/domain of that system, the user's browser is directed to a different address than selected by the user.  Said different address can be created in a variety of manners and it replaces the hostname or other address originally submitted to the browser by the user (either by using a bookmark or by typing it) in a manner that is transparent to the user himself ¶34 if the configuration server itself is not responsive (connection is incomplete after a time period calculated relative to the average time period has lapsed) the software agent transitions to the alternative DNS/static IP address (application has initiated a new connection to the destination) on the assumption that the configuration server itself has come under DDoS attack).

Regarding Claim 4, 16
Boodaei-Nakhre-Chuah teaches:

The computer-implemented method of claim 1

Boodaei teaches:


The computer-implemented method of claim 3, further comprising: hiding, by the one or more processors, the provided selectable options in the user interface of the application (¶25 the browser of a user who is attempting to connect to that system is not able to obtain DNS resolution of the hostname/domain of that system, the user's browser is directed to a different address than selected by the user.  Said different address can be created in a variety of manners and it replaces the hostname or other address originally submitted to the browser by the user (either by using a bookmark (hiding)) or by typing it) in a manner that is transparent to the user himself ¶34 if the configuration server itself is not responsive (connection is incomplete after a time period calculated relative to the average time period has lapsed) the software agent transitions to the alternative DNS/static IP address (application has initiated a new connection to the destination) on the assumption that the configuration server itself has come under DDoS attack).

Regarding Claim 5, 17

Boodaei-Nakhre-Chuah teaches:
The computer-implemented method of claim 1

Boodaei teaches:
The computer-implemented method of claim 1, wherein the selectable options comprise unique addresses obtained within the given time period (¶25 the browser of a user who is attempting to connect to that system is not able to obtain DNS resolution of the hostname/domain of that system, the user's browser is directed to a different address than selected by the user.  Said different address can be created in a variety of manners and it replaces the hostname or other address originally submitted to the browser by the user (either by using a bookmark (hiding)) or by typing it) in a manner that is transparent to the user himself ¶34 if the configuration server itself is not responsive (connection is incomplete after a time period calculated relative to the average time period has lapsed) the software agent transitions to the alternative DNS/static IP address (application has initiated a new connection to the destination) on the assumption that the configuration server itself has come under DDoS attack).


Regarding Claim 6
Boodaei-Nakhre-Chuah teaches:
The computer-implemented method of claim 1

Boodaei teaches:
 
The computer-implemented method of claim 1, wherein the selectable options comprise a pre-determined number of most recently obtained unique addresses obtained within the given time period (¶25 the browser of a user who is attempting to connect to that system is not able to obtain DNS resolution of the hostname/domain of that system, the user's browser is directed to a different address than selected by the user.  Said different address can be created in a variety of manners and it replaces the hostname or other address originally submitted to the browser by the user (either by using a bookmark (hiding)) or by typing it) in a manner that is transparent to the user himself ¶34 if the configuration server itself is not responsive (connection is incomplete after a time period calculated relative to the average time period has lapsed) the software agent transitions to the alternative DNS/static IP address (application has initiated a new connection to the destination) on the assumption that the configuration server itself has come under DDoS attack).

Regarding Claim 7
Boodaei-Nakhre-Chuah teaches:
The computer-implemented method of claim 1

Boodaei teaches:

The computer-implemented method of claim 1, wherein the one or more servers execute domain network services to provide the address responsive to obtaining the locator (¶25 the browser of a user who is attempting to connect to that system is not able to obtain DNS resolution of the hostname/domain of that system, the user's browser is directed to a different address than selected by the user.  Said different address can be created in a variety of manners and it replaces the hostname or other address originally submitted to the browser by the user (either by using a bookmark (hiding)) or by typing it) in a manner that is transparent to the user himself ¶34 if the configuration server itself is not responsive (connection is incomplete after a time period calculated relative to the average time period has lapsed) the software agent transitions to the alternative DNS/static IP address (application has initiated a new connection to the destination) on the assumption that the configuration server itself has come under DDoS attack)

Regarding Claim 8
Boodaei-Nakhre-Chuah teaches:
The computer-implemented method of claim 1

Boodaei teaches:

The computer-implemented method of claim 1, wherein the link comprises a bookmark (¶25 the browser of a user who is attempting to connect to that system is not able to obtain DNS resolution of the hostname/domain of that system, the user's browser is directed to a different address than selected by the user.  Said different address can be created in a variety of manners and it replaces the hostname or other address originally submitted to the browser by the user (either by using a bookmark or by typing it) in a manner that is transparent to the user himself).

Regarding Claim 10
Boodaei-Nakhre-Chuah teaches:
The computer-implemented method of claim 1

Boodaei teaches:

The computer-implemented method of claim 1, wherein each selectable comprises an Internet Protocol address (¶25 the browser of a user who is attempting to connect to that system is not able to obtain DNS resolution of the hostname/domain of that system, the user's browser is directed to a different address than selected by the user.  Said different address can be created in a variety of manners and it replaces the hostname or other address originally submitted to the browser by the user (either by using a bookmark or by typing it) in a manner that is transparent to the user himself).

Regarding Claim 11
Boodaei-Nakhre-Chuah teaches:

The computer-implemented method of claim 1

Nakhre teaches:
The computer implemented method of claim 1, further comprising: calculating, by the one or more processors, the time period calculated relative to the average time period has lapsed, wherein the calculating comprises multiplying the average time by a multiplier (¶15-¶19 DDoS on DNS floods the DNS server with DNS request messages (providing the locator of the destination to the one or more servers to obtaining the address from the one or more servers), detect changes in the packet traffic at one or more routers or nodes in the network being monitored, changes are detected by comparing traffic in real-time or over a pre-set period (average time by a multiplier) to a baseline measure of traffic at the nodes).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Boodaei in light of Nakhre in order to impose limits on network usage on a per subscriber and per application or port basis; this way, the network may be protected from the affected subscribers without restricting the subscribers' usage of all services provided over the network (Nakhre ¶19).

Regarding Claim 12
Boodaei-Nakhre-Chuah teaches:
The computer-implemented method of claim 1

Nakhre teaches:

The computer-implemented method of claim 1, wherein the multiplier is 100 (¶15-¶19 DDoS on DNS floods the DNS server with DNS request messages (providing the locator of the destination to the one or more servers to obtaining the address from the one or more servers), detect changes in the packet traffic at one or more routers or nodes in the network being monitored, changes are detected by comparing traffic in real-time or over a pre-set period (multiplier could be 100) to a baseline measure of traffic at the nodes).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Boodaei in light of Nakhre in order to impose limits on network usage on a per subscriber and per application or port basis; this way, the network may be protected from the affected subscribers without restricting the subscribers' usage of all services provided over the network (Nakhre ¶19).

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Boodaei-Nakhre-Chuah as applied to claim 1 above, and further in view of Balupari (US 20130097699 A1).
Regarding Claim 9

Boodaei-Nakhre-Chuah does not teach:

The computer implemented method of claim 1, wherein the locator comprises a uniform resource locators.

Balupari teaches:

The computer implemented method of claim 1, wherein the locator comprises a uniform resource locators (¶36 connection monitor 215 may monitor and inspect packets at 305, other information associated with the connection may also be added, such as a URI, URL).
(Balupari ¶2).

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to OLUWATOSIN M GIDADO whose telephone number is (571) 272-4227.  The examiner can normally be reached on Monday - Friday 8:00 - 4:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar Louie can be reached on (571) 270-1684.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/OLUWATOSIN M GIDADO/Examiner, Art Unit 2445
/OSCAR A LOUIE/Supervisory Patent Examiner, Art Unit 2445
06/17/2021