DETAILED ACTION
This communication is responsive to the application filed on 09/11/2020
Claims 1-32 have been canceled.
Claims 33-60 have been added.
Claims 33-60 are pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 03/22/2017 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.


Priority
The present application is a continuation of US Patent Application 15/510,632 filed 03/10/2017 which claims priority from PCT/NZ2015/050138 filed 09/10/2015 which claims priority from New Zealand Patent Application No. NZ631250, filed 09/12/2014
Oath
4.    The Oath filed on 07/25/2017 complies with all the requirements set forth in MPEP 602 and is therefore accepted.
Drawings
5.    The drawings filed on 03/10/2017 have been accepted.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 33-42, 57- 60 are rejected under 35 U.S.C. 103 as being unpatentable over Baldaras (US Pat. 9,457,461 B2 filed 12/21/2013) in view of Foxhoven et al. (US Pat. 9,882,767 B1 filed 07/23/2013).
As to claim 33, Baldaras discloses:
 “A telecommunications defense system comprising:
at least one shield server” (Baldaras, fig. 1, col. 4 lines 51-56 and col. 4 line 66- col. 5 line 2; DNS server 102 (corresponds to shield server), managed by the end-user's ISP or wireless carrier, is configured to access/provide a variety of security intelligence services via a threat detection module);
“at least one target server arranged to be in communication with the shield server and with a client telecommunications system, via a telecommunications network” (Baldaras, fig. 1, col. 4 lines 51-65; client device 101, recursive dns server 102 security intelligence services in network communication with content delivery network (CDN) server (corresponds to target)).
Baldaras discloses a DNS service provided by a content delivery network (CDN) having built-in enhanced security mechanisms, i.e., enhanced malware detection, firewalls, etc., that may be used to better control and mitigate threats directed against the CDN's distributed content server platform from clients, wherein clients that may pose a threat are directed to particular sets of machines in the CDN (sometimes called regions or point of presence or POP) that may be designated for handling such traffic, e.g., DDoS, malware attacks, etc. (Baldaras, col. 4 lines 23-39).
Baldaras does not explicitly disclose:
“the target server being provided in a geographical location of the telecommunications network that is nearer the client telecommunications system than the shield server.”
However, Foxhoven discloses:
“the target server being provided in a geographical location of the telecommunications network that is nearer the client telecommunications system than the shield server” (Foxhoven, col. 4 line 65 – col. 5 line 13 and 21-24;    Each of the processing nodes 110 may be implemented by one or more of computer and communication devices, e.g., server computers, gateways, switches, etc., wherein a mobile device 230 may be configured to communicated to a nearest processing node 110 through any available wireless access device, such as an access point, or a cellular gateway).
A person of ordinary skill in the art prior to effective filing date the invention would have been motivated to combine the features of Baldaras with Foxhoven in order to provide plurality of surrogates associated with the DNS request. The plurality of surrogates can be geographically diverse and communicatively coupled to the DNS server thereby forming a distributed security cloud network.  (Foxhoven, col. 2 lines 33– 36).
The combination of Baldaras and Foxhoven further disclose:
“the telecommunications defense system further comprising an attack detection application, a communication application and a shielding application” (Baldaras, col. 4 lines 23-39, col. 5 lines 39-44 and col. 6 lines 25-33; threat detection, communicating threat score to upstream device and threat mitigation actions); 
“wherein:
the attack detection application contains instructions which, when executed on the target server, detects an attack aimed at the client telecommunications system via the telecommunications network and generates an identification signal indicative of a source of the attack, wherein the target server is a separate server from the client telecommunications system” (Baldaras, col. 5 lines 39-44;DNS server 102 may perform the recursive lookup, but use a DNS extension field to inform an upstream DNS server 108 of the threat, with a field indicating a threat score that the DNS server 102 has determined for the particular client, so that the upstream DNS server may tailor its answers accordingly);
“the communication application contains instructions which, when executed on the target server, transmits the identification signal to the shield server” (Baldaras, col. 5 lines 39-44); and
“the shielding application contains instructions which, when executed on the shield server, cause the shield server to generate a shield signal in response to the transmitted identification signal, to provide at least one shield operative to shield the client telecommunications system from the attack identified (Baldaras, col. 6 lines 25-29 and 34-59; step 214 If the client exceeds the threshold threat level, the DNS server 102 must determine what action to take, i.e., provide no response, blacklisting a malicious client, redirect client request to a threat mitigation device, etc.)

As to claim 34, Baldaras and Foxhoven disclosed the invention of claim 33.  Baldaras does not explicitly disclose:
“operative such that an attack can be detected at or near the geographical location of the client telecommunications system, but shielded at or near the source of the attack, or at least nearer the source of the attack than the client telecommunications system.”
However, Foxhoven discloses:
“operative such that an attack can be detected at or near the geographical location of the client telecommunications system, but shielded at or near the source of the attack, or at least nearer the source of the attack than the client telecommunications (Foxhoven, col. 3 lines 50–67 and col. 4 lines 1-16; distributed cloud-based Dynamic Name Server (DNS) surrogation systems performs recursion allowing the resolving party to perform proper localization, optimization, or any other form of differentiated resolution; Surrogation allows for a DNS service to exist in a fewer number of sites while still providing results as if it in a greater number of sites while maintaining geographic localization).
A person of ordinary skill in the art prior to effective filing date the invention would have been motivated to combine the features of Baldaras with Foxhoven in order to provide plurality of surrogates associated with the DNS request. The plurality of surrogates can be geographically diverse and communicatively coupled to the DNS server thereby forming a distributed security cloud network.  (Foxhoven, col. 2 lines 33– 36).

As to claim 35, Baldaras and Foxhoven disclosed the invention of claim 33.  Baldaras further discloses:
“wherein the identification signal is indicative of the geographical source of the attack” (Baldaras, col. 5 lines 11-16; DNS server may combine this score with other factors, such as the location of the client from location service 105 (e.g., which could be geographic location based on IP address or network location based on IP address), 

As to claim 36, Baldaras and Foxhoven disclosed the invention of claim 33.  Baldaras further discloses:
(Baldaras, col. 5 lines 11-16).

As to claim 37, Baldaras and Foxhoven disclosed the invention of claim 33.  Baldaras does not explicitly disclose:
“wherein the target server is located in the same geographical location as the client telecommunications system.”
However, Foxhoven discloses:
“wherein the target server is located in the same geographical location as the client telecommunications system” (Foxhoven, col. 4 lines 5-12; surrogation allows for a DNS service to exist in a fewer number of sites while still providing results as if it in a greater number of sites while maintaining geographic localization; surrogation also allows for a distributed method of providing DNS-based policy and resolution).
A person of ordinary skill in the art prior to effective filing date the invention would have been motivated to combine the features of Baldaras with Foxhoven in order to provide plurality of surrogates associated with the DNS request. The plurality of surrogates can be geographically diverse and communicatively coupled to the DNS server thereby forming a distributed security cloud network.  (Foxhoven, col. 2 lines 33– 36).

As to claim 38, Baldaras and Foxhoven disclosed the invention of claim 37.  Baldaras does not explicitly disclose:

However, Foxhoven discloses:
“wherein the target server comprises part of the client telecommunications system” (Foxhoven, col. 4 lines 18-26; system 100, including content processing nodes 110 (PN) may be implemented as an overlay network in a wide area network (WAN), a local area network (LAN), or the like proactively detect and preclude the distribution of security threats, e.g., malware, spyware, viruses, email spam, etc., and other undesirable content sent from or requested by an external system).
A person of ordinary skill in the art prior to effective filing date the invention would have been motivated to combine the features of Baldaras with Foxhoven in order to provide plurality of surrogates associated with the DNS request. The plurality of surrogates can be geographically diverse and communicatively coupled to the DNS server thereby forming a distributed security cloud network.  (Foxhoven, col. 2 lines 33– 36).

As to claim 40, Baldaras and Foxhoven disclosed the invention of claim 33.  Baldaras does not explicitly disclose:
“wherein a plurality of shield servers are provided, at least one of which is located in a different geographical location from the target server.”
However, Foxhoven discloses:
“wherein a plurality of shield servers are provided, at least one of which is located in a different geographical location from the target server” (Foxhoven, col. 5 lines 5-9; each of the processing nodes 110 may include Internet gateways and one or more servers, and the processing nodes 110 may be distributed through a geographic region, e.g., throughout a country, region, campus, etc. According to a service agreement between a provider of the system 100 and an owner of an external system).
A person of ordinary skill in the art prior to effective filing date the invention would have been motivated to combine the features of Baldaras with Foxhoven in order to provide plurality of surrogates associated with the DNS request. The plurality of surrogates can be geographically diverse and communicatively coupled to the DNS server thereby forming a distributed security cloud network.  (Foxhoven, col. 2 lines 33– 36).

As to claim 41, Baldaras and Foxhoven disclosed the invention of claim 40.  Baldaras does not explicitly disclose:
“wherein shield servers are located in a plurality of different geographical locations.”
However, Foxhoven discloses:
“wherein shield servers are located in a plurality of different geographical locations” (Foxhoven, col. 5 lines 5-9; each of the processing nodes 110 may include Internet gateways and one or more servers, and the processing nodes 110 may be distributed through a geographic region, e.g., throughout a country, region, campus, etc. According to a service agreement between a provider of the system 100 and an owner of an external system).

.
As to claim 42, Baldaras and Foxhoven disclosed the invention of claim 40.  Baldaras does not explicitly disclose:
“wherein more than one shield server is located in each geographical location.”
However, Foxhoven discloses:
“wherein more than one shield server is located in each geographical location”(Foxhoven, col. 5 lines 5-9; each of the processing nodes 110 may include Internet gateways and one or more servers, and the processing nodes 110 may be distributed through a geographic region, e.g., throughout a country, region, campus, etc. According to a service agreement between a provider of the system 100 and an owner of an external system).
A person of ordinary skill in the art prior to effective filing date the invention would have been motivated to combine the features of Baldaras with Foxhoven in order to provide plurality of surrogates associated with the DNS request. The plurality of surrogates can be geographically diverse and communicatively coupled to the DNS server thereby forming a distributed security cloud network.  (Foxhoven, col. 2 lines 33– 36).


As to claim 58, claim 58 is substantively similar in scope to claim 34.  Claim 34 is therefore rejected for the same reasons outlined in the rejection of claim 34 above.

As to claim 59, claim 59 represents a method for performing operations that are substantively similar in scope to the invention of claim 33.  Claim 59 is therefore rejected for the same reasons outlined in the rejection of claim 33 above.

As to claim 60, claim 60 represents a telecommunications network that provides operations that are substantively similar in scope to the invention of claim 33.  Claim 60 is therefore rejected for the same reasons outlined in the rejection of claim 33 above.

Claim 39 is rejected under 35 U.S.C. 103 as being unpatentable over Dickinson in view of Baldaras in view of Foxhoven in further view of Bunker et al. (US Pub. 2010/00242114 A1 filed 03/18/2010).
. As to claim 39, Baldaras and Foxhoven disclosed the invention of claim 33.  Baldaras does not explicitly disclose:
“wherein the attack detection application comprises a decryption module operative on the target server to decrypt an encrypted attack.”
However, Bunker discloses:
(Bunker, par. 0030; firewall 312 is designed to decrypt computer traffic between security domains).
A person of ordinary skill in the art prior to effective filing date the invention would have been motivated to combine the features of Baldaras and Foxhoven with Bunker in order to provide mechanisms to decrypt network communications in order to inspect communications traffic for malicious content that might otherwise go undetected, to ensure protection of corporate assets from being compromised (Bunker, par. 0025).

Claims 43–44 are rejected under 35 U.S.C. 103 as being unpatentable over Baldaras in view of Foxhoven in further view of Ashley (US Pat. 8,925,082 B2 filed 08/22/2012).
As to claim 43, Baldaras and Foxhoven disclosed the invention of claim 40.  Baldaras does not explicitly disclose:
“wherein the identification signal is sent to more than one of the plurality of shield servers.”
However, Ashley discloses
“wherein the identification signal is sent to more than one of the plurality of shield servers” (Ashley, col. 9 lines 5 – 13; registered Intrusion Detection System (IDS) devices operating in an IDS cluster may share IP reputation information with other IDS devices in the cluster).
A person of ordinary skill in the art prior to effective filing date the invention would have been motivated to combine the features of Baldaras and Foxhoven with Ashley in 

As to claim 44, Baldaras and Foxhoven disclosed the invention of claim 43.  Baldaras does not explicitly disclose:
 “wherein the identification signal is sent to all of the shield servers in the system.”
However, Ashley discloses:
“wherein the identification signal is sent to all of the shield servers in the system” (Ashley, col. 9 lines 5 – 13). 
A person of ordinary skill in the art prior to the effective filing date of the invention would have been motivated to combine Baldaras and Foxhoven with Ashley for the same reasons outlined in the rejection of claim 43 above.
.
As to claim 45, Baldaras and Foxhoven disclosed the invention of claim 33.  Baldaras further discloses:
“wherein the shield application is adapted to be executed on the target server such that the target server generates or activates a shield” (Baldaras, col. 4 lines 23-39;
a DNS service provided by a content delivery network (CDN) having built-in enhanced security mechanisms, i.e., enhanced malware detection, firewalls, etc., that may be used to better control and mitigate threats directed against the CDN's distributed content server platform from clients).

As to claim 46, Baldaras and Foxhoven disclosed the invention of claim 33.  Baldaras further discloses:
“a distribution application containing instructions which, when executed on the target server, select whether the target server generates or activates a shield, or whether the shield server generates or activates a shield” (Baldaras, col. 4 lines 23-39;
a DNS service provided by a content delivery network (CDN) having built-in enhanced security mechanisms, i.e., enhanced malware detection, firewalls, etc., that may be used to better control and mitigate threats directed against the CDN's distributed content server platform from clients).

Claim 47 is rejected under 35 U.S.C. 103 as being unpatentable over Baldaras in view of Foxhoven in further view of Talpade et al. (US Pub. 2004/0148520 A1 filed 01/29/2003).
As to claim 47, Baldaras and Foxhoven disclosed the invention of claim 46.  Baldaras does not explicitly disclose:
“wherein the distribution application is operative to determine the size of the attack, such that the shield server generates or activates the shield if the attack is above a predetermined size.”
However, Talpade discloses:
(Talpade, par. 0020; sensor filters use bit rate information to perform volume-based detection of DDoS flood traffic based on configurable threshold values).
A person of ordinary skill in the art prior to effective filing date the invention would have been motivated to combine the features of Baldaras and Foxhoven with Ashley in order to share IP reputation information of devices communicating in a network that may be related to adverse event traffic with other endpoint devices in a network cluster to enhance early detection of malicious content traversing the network cluster (Ashley, col. 2 lines 21 – 28)..

Claims 48-50 and 53 are rejected under 35 U.S.C. 103 as being unpatentable over Baldaras in view of Foxhoven in further view of Pandrangi (US Pat. 8,935,785 B2 filed 09/23/2011).
As to claim 48, Baldaras and Foxhoven disclosed the invention of claim 33.  Baldaras does not explicitly disclose:
“a security database on which at least one client security signal is stored, the at least one client security signal being arranged to allow secure access to the client telecommunications network.”
However, Pandrangi discloses:
“a security database on which at least one client security signal is stored, the at least one client security signal being arranged to allow secure access to the client (Pandrangi, col. 4 lines col. 6 lines 21 – 31; a whitelist of IP addresses (e.g., trusted sources with high confidence value) maintained in a system database can be used to determine a threshold for which data communications would be accepted).
A person of ordinary skill in the art prior to effective filing date the invention would have been motivated to combine the features of Baldaras and Foxhoven with Pandrangi in order to mechanisms to lookup confidence values corresponding to IP addresses of computer devices communicating in a network to determine the likelihood that communications from the computer device poses a security risk to the network (Pandrangi, col. 4 lines4 – 9).

As to claim 49, Baldaras and Foxhoven disclosed the invention of claim 48.  Baldaras does not explicitly disclose:
“wherein the security database is provided in, or is at least in communication with, the target server.”
However, Pandrangi discloses:
“wherein the security database is provided in, or is at least in communication with, the target server” (Pandrangi, fig. 6, col. 5 lines 18 – 25; confidence score can be used in a site that filters traffic from the Internet to provide cleansed traffic).
A person of ordinary skill in the art prior to the effective filing date of the invention would have been motivated to combine Baldaras and Foxhoven with Ashley for the same reasons outlined in the rejection of claim 48 above.


“wherein the security database is located in the same geographical location as the client telecommunications system However, it would have been obvious to a person of ordinary skill in the art prior to the effective filing date of the invention to provide for the security database of Pandrangi  (see Pandrangi, col. 4 lines col. 6 lines 21 – 31) to be located in the same geographical location as the client telecommunications system as a matter of design/implementation in order to process communications requests indicative of a DDoS attack as close to the origin of the attack, thereby preventing a flood of suspect data from affecting network performance of data routed through the intermediate network hops between the originating source and the destination target of such a request.
A person of ordinary skill in the art prior to the effective filing date of the invention would have been motivated to combine Baldaras and Foxhoven with Ashley for the same reasons outlined in the rejection of claim 48 above.

As to claim 53, Baldaras and Foxhoven disclosed the invention of claim 33.  Baldaras does not explicitly disclose:
   “generate a pre-scan signal arranged to perform a pre-scan of the client telecommunications system so as to identify vulnerabilities of the client telecommunications system, the shielding application being arranged to generate a shield signal or signals in response to the vulnerabilities identified in the pre-scan.”
However, Pandrangi discloses:
(Pandrangi, col. 3 lines 28 – 32; utilizing multiple sources of information to build a pre-attack knowledge base at an individual client IP level to be for storage prior to an event and/or attack).
A person of ordinary skill in the art prior to the effective filing date of the invention would have been motivated to combine Baldaras and Foxhoven with Pandrangi for the same reasons outlined in the rejection of claim 50 above.

Claims 51-52 are rejected under 35 U.S.C. 103 as being unpatentable over Baldaras in view of Foxhoven in view of Pandrangi in further view of Dickinson (US Pat. 8,966,622 B2 filed 12/29/2010).
As to claim 51, Baldaras, Foxhoven and Pandrangi disclosed the invention of claim 48.  Baldaras does not explicitly disclose:
“…that the at least one client security signal is not transmitted over the telecommunications network.”
However, Dickinson discloses:
“…that the at least one client security signal is not transmitted over the telecommunications network” (Dickinson, fig. 10, par. 0062; data traffic routed to a secondary mitigation device can apply secondary mitigation techniques in a centralized location, thereby allowing the centralized equipment to protect a greater number of network destinations).
A person of ordinary skill in the art prior to the effective filing date of the invention would have been motivated to combine Baldaras, Foxhoven and Pandrang with Dickinson to provide mitigating the effects of attempts to adversely affect computer systems, such as through the use of denial of service (DoS) attacks, and/or distributed denial of service (DDoS) attacks. In particular, embodiments of the present disclosure mitigate the effects of DoS attacks by blocking network traffic attributable to a DoS attack at one or more locations that are geographically proximate to geographic regions from which network traffic originates (Dickinson, col. 2 lines 28-31).
As to claim 52, Baldaras, Foxhoven, Pandrangi and Dickinson disclosed the invention of claim 51.  Baldaras does not explicitly disclose:
“that the at least one client security signal is not transmitted outside of the geographical location of the client.”
Hoever, Dickinson discloses:
“that the at least one client security signal is not transmitted outside of the geographical location of the client” (Dickinson, fig. 10 par. 0062).
A person of ordinary skill in the art prior to the effective filing date of the invention would have been motivated to combine Baldaras, Foxhoven and Pandrang with Dickinson to provide mitigating the effects of attempts to adversely affect computer systems, such as through the use of denial of service (DoS) attacks, and/or distributed denial of service (DDoS) attacks. In particular, embodiments of the present disclosure mitigate the effects of DoS attacks by blocking network traffic attributable to a DoS .

Claims 54-56 are rejected under 35 U.S.C. 103 as being unpatentable over Baldaras in view of Foxhoven in view of Dilley et al. (US Pub. 2013/0269023 A1 filed 05/17/2013).
As to claim 54, Baldaras and Foxhoven disclosed the invention of claim 33.  Baldaras does not explicitly disclose:
“wherein the attack detection and/or communication applications are stored on the target server, or on more than one target server, or stored in cloud storage in communication with the target server.”
However, Dilley discloses:
“wherein the attack detection and/or communication applications are stored on the target server, or on more than one target server, or stored in cloud storage in communication with the target server (Dilley, fig. 3, pars. 0014 and 0033; cloud based firewall system).
A person of ordinary skill in the art prior to the effective filing date of the invention would have been motivated to combine Baldaras and Foxhoven with Dilley in order to provide a rules-based evaluation of requests to scan for suspicious network behavior, including protocol violations, HTTP policy violations, request limit violations, robots, Trojan backdoors, cross-site scripting, various injection attacks, outbound content leakage, etc. (Dilley, par. 0039).


“wherein the or each shield application is stored on the shield server, or on more than one shield server, or stored in cloud storage in communication with the shield server.”
However, Dilley discloses:
“wherein the or each shield application is stored on the shield server, or on more than one shield server, or stored in cloud storage in communication with the shield server” (Dilley, fig. 3, pars. 0014 and 0033; cloud based firewall system).
A person of ordinary skill in the art prior to the effective filing date of the invention would have been motivated to combine Baldaras and Foxhoven with Dilley for the same reasons outlined in the rejection of claim 54 above.

As to claim 56, Baldaras and Foxhoven disclosed the invention of claim 33.  Baldaras does not explicitly disclose:
“wherein the or each shield application comprises, or is operative to generate or activate, a shield comprising a web application firewall (WAF).”
However, Dilley discloses:
“wherein the or each shield application comprises, or is operative to generate or activate, a shield comprising a web application firewall (WAF)” (Dilley, pars. 0036 – 0037; web application protection firewall).


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to /FELICIANO S MEJIA/ whose telephone number is (571)270-5994.  The examiner can normally be reached on 8:30am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access 

/FELICIANO S. MEJIA/
Examiner
Art Unit 2492




/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492