DETAILED ACTION
- Claims 1-3, 5-9, 11-14, 16-20, 22-28 and 30 are pending.
- Claims 4, 10, 15, 21 and 29 are cancelled.
- Rejection under 112(a) of claims 1, 12 and 23 has been withdrawn based on the claim amendments.
- The double patenting rejection has been held in abeyance until the final scope of the claims has been determined.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant’s Remarks filed on 6/25/2021 have been fully considered.
The argument that Smith is silent with respect to “announcing as an IP address associated with the server, a public IP address serving as a first anycast address for a scrubbing center network” is not persuasive. In Smith, the anycast address for the servers is an IP address that directs traffic to the scrubbing center and therefore it may be interpreted as an address that may serve as an anycast address for the scrubbing center network. Examiner notes that, in the current invention as in the prior art, the public IP address is an address that diverts traffic intended for the servers to the data scrubbing network.


Claim Rejections - 35 USC § 112(b)
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 8, 19 and 27 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. These claims recite “the IP address”; however, the parent claims recite “a public IP address” and “a spoofed IP address” and therefore it is not clear which address the claim is referring to. For the purpose of examination, “the IP address” is interpreted as “the public IP address”.

Claim Rejections - 35 USC § 112(a)
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

 	Claims 2, 13 and 24 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a wherein the scrubbing center network maintains a mapping of the public IP address to the private IP address” however the original disclosure supports only an association between the public IP address and the private IP address without indicating where such an association is maintained.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 8, 11-13, 19, 22-24, 27 and 30 are rejected under 35 U.S.C. 103 as being unpatentable over Smith et al (US Pub.No. 2016/0241590) in view of Applicant disclosed reference Agarwal et al “DDoS Mitigation via Regional Cleaning Centers”, Sprint ATL Research Report RR04-ATL-013177, January 2004.
Re Claim 1. Smith discloses a method of providing infrastructure protection for a server of a network organization, the method comprising: announcing, as an internet protocol (IP) address associated with the server, a public IP address, the public IP address serving as a first anycast address for a scrubbing center network (i.e. Each of the servers 105 might be assigned the same anycast IP address, and they might each advertise this address to one or more of the routers 120…………………Using the system 100, however traffic received at the edge router 205 is routed to the data scrubber 110 based on the routing table at the edge router 205, which prioritizes the route 215 through the data scrubbers 110 as the correct route to reach the anycast IP address for the servers 105.) [Smith, para.0032, 0035, the anycast address for the servers in Smith serves as an anycast address for the data scrubbers because, as in the current invention, it is used to direct traffic to the data scrubbers i.e. scrubbing center network]; receiving, at the scrubbing center network, an incoming network packet intended for the server of the network organization identified using the public IP address; determining, by the scrubbing center network, whether the incoming network packet is legitimate (i.e. the plurality of data scrubbing appliances might be configured to receive network traffic addressed to the first anycast IP address, filter the network traffic to block undesirable network traffic, and/or transmit the filtered network traffic, via one or more network tunnels, to one or more of the plurality of servers) [Smith, para.0012]; and responsive to determining that the incoming network packet is legitimate, modifying a header of the incoming network packet to indicate a spoofed IP address as a source IP address of the network packet (i.e. Upon arriving at one of the data scrubbers 110, the traffic is filtered, and the filtered traffic is injected over path 220 to the DS router 115 (or otherwise transmitted to the DS router 115), which then selects a server (e.g., using a load balancing technique) and transmits the traffic through the MPLS tunnel 125 (or other tunnel), which encapsulates IP addresses of the traffic…………. such tunnels can include MPLS tunnels and/or any other suitable tunneling technology that allows IP address encapsulation.) [Smith, para.0035-0036, 0040, note: IP address encapsulation discloses modifying the header to indicate a spoofed IP address as the source],
 	Smith does not explicitly disclose whereas Smith in view of Agarwal does: and responsive to determining that the incoming network packet is legitimate, routing, by a processor using generic routing encapsulation (GRE), the incoming network packet to the server (i.e. When this traffic is cleaned by one or more specialized filtering devices in the center, the legitimate traffic is redirected to the destination ……..identify the legitimate traffic, and allow only that traffic to exit the device) [Agarwal, p.2.col.2, p.3, col.2], [Agarwal, p.8, col.2, discloses using GRE tunneling] at a private IP address (i.e. the traffic can exit the network tunnel and could be statically routed……………… from the tunnel to the IP address of the original destination server) [Smith, para.0027]. Smith also discloses routing using generic routing encapsulation (GRE) (e.g. DS router 115 and server router 120) is configured to establish a network tunnel 125 (and in the particular case of the routers 115a and 120a, the tunnel 125a, and in the case of DS router 115a and server router 120b, tunnel 125b, and so on) to transport traffic between them. These tunnels 125, which can be virtual private network ("VPN") tunnels, multiprotocol label switching ("MPLS") tunnels, Internet protocol security ("IPSec") tunnels, generic routing encapsulation ("GRE") tunnels, or any other type of tunneling technology that can function to encapsulate traffic and allow custom routing between a DS router 115 and corresponding server router 120) [Smith, para.0031];
 	Smith further discloses: wherein the spoofed IP address serves as a second anycast address for the scrubbing center network (i.e. The system 100 also comprises a plurality of data scrubbing appliances 110 (also referred to herein as "data scrubbers" and "data scrubbing devices"). In some embodiments, the data scrubbing appliances 110 are anycast to a single IP address (which is a different address than the address assigned to the servers 105)) [Smith, para.0030, see also para.0038].  
 	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify Smith with Agarwal because by deploying cleaning centers inside ISP backbones, we are no longer victim to DDoS attacks saturating under-provisioned edge links. We are no longer placing the burden of DDoS attack mitigation with large numbers of enterprise networks, but instead placing the burden with the fewer numbers of ISPs. Further, large numbers of devices and cleaning centers in an ISP are amortized among many enterprise customers. A single point of failure will no longer exist [Agarwal, p.2, col.1].

Re Claims 12 and 23. These claims disclose features similar to those recited in claim 1 and therefore they are rejected in a similar manner.

Re Claims 2, 13 and 24. Smith in view of Agarwal discloses the features of claims 1, 12 and 23, Smith further discloses wherein the scrubbing center network maintains a mapping of the public IP address to the private IP address (i.e. DS router (e.g., 115a) receiving traffic from an data scrubber (e.g., 110a) can implement load balancing among the servers 105 by selecting different tunnels (e.g., 125a, 125b, 125c) or different static routes (e.g., 150a, 150b, 150c) in any desired fashion (e.g., round robin, etc.) when routing traffic to the servers 105. In some cases, both the static routes 150 and the tunnels 125 can be implemented in the same embodiment, so that a DS router (e.g., 115a) might have a series of static routes (e.g., 150a, 150b, 150c) configured and a series of tunnels (e.g., 125a, 125b, 125c) established for routing filtered traffic to the servers 105………………………… Upon arriving at one of the data scrubbers 110, the traffic is filtered, and the filtered traffic is injected over path 220 to the DS router 115 (or otherwise transmitted to the DS router 115), which then selects a server (e.g., using a load balancing technique) and transmits the traffic through the MPLS tunnel 125 (or other tunnel), which encapsulates IP addresses of the traffic ) [Smith, para.0034-0036].

Re Claims 8, 19 and 27. Smith in view of Agarwal discloses the features of claims 1, 12 and 23, Agarwal further discloses wherein the IP address is announced by a scrubbing center of the scrubbing center network that is nearest to an end user (i.e. each cleaning center can announce the same victim prefixes. The ingress router for each of the cleaning centers will have the same loopback address. The IGP will pick the closest cleaning center to use. This is a form of anycast) [Agarwal, p.3, col.1-2, and p.7, col.2, since each cleaning center announces the same victim prefix/IP address, it is implied that the cleaning center nearest the end user also announces the IP address].
	The same motivation to modify Smith with Agarwal, as in claim 1, applies.

Re Claims 11, 22 and 30. Smith in view of Agarwal discloses the features of claims 1, 12 and 23, Smith in view of Agarwal does not explicitly disclose however it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify Smith to include: wherein a scrubbing center comprises a distributed network of edge servers because it is suggested as a possible variation (i.e. if the data scrubber infrastructure comprises four scrubbing center) [Smith, para.0006].  

 	Claims 3, 6-7, 14, 17-18 and 25 are rejected under 35 U.S.C. 103 as being unpatentable over Smith in view of Applicant disclosed reference Agarwal et al as applied to claims 2, 13 and 24, further in view of Applicant disclosed reference Huici et al “An edge-to-edge filtering architecture against DoS”, ACM SIGCOMM Computer Communication Review, April 2007, pp.41-50, vol.37, No.2.

Re Claims 3, 14 and 25. Smith in view of Agarwal discloses the features of claims 2, 13 and 24, Smith further discloses: comprising receiving, at a scrubbing center of the scrubbing center network, an encapsulated outgoing network packet from the server (i.e. The servers 105 can be any set of servers that can each respond to requests received on the anycast IP address….. These tunnels 125, which can be virtual private network ("VPN") tunnels, multiprotocol label switching ("MPLS") tunnels, Internet protocol security ("IPSec") tunnels, generic routing encapsulation ("GRE") tunnels, or any other type of tunneling technology that can function to encapsulate traffic and allow custom routing between a DS router 115 and corresponding server router 120) [Smith, para.0029-0031],
 	Smith in view of Agarwal does not explicitly disclose whereas Smith in view of Agarwal and Huici does: wherein the encapsulated outgoing network packet is an outgoing network packet which has been encapsulated by the server (i.e. If packets from a client to a server are encapsulated, should the reverse path traffic also be encapsulated? If it is encapsulated, should the forward-path encapsulator serve as the reverse-path decapsulator? ....................The decapsulator should be able to ask another decapsulator for the list of encapsulators corresponding to a specific client address handled by that decapsulator. The architecture does not require either, but there are advantages if both are true) [Huici, p.46, col.11-2 sections 4.1 - 4.2],  
 	Smith in view of Agarwal and Huici does not explicitly disclose: with header information comprising the spoofed IP address as a destination address, however Smith discloses assigning an anycast address (i.e. spoofed IP address) for the scrubbing appliances (i.e. each device (e.g., server or DS, respectively) in the same group can be configured with the anycast IP address and border gateway protocol ("BGP") can be used to advertise the anycast IP address on different subnets or different network segments) [Smith, para.0038]; therefore it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify Smith in view of Agarwal and Huici to include the anycast address of the scrubbing centers in the header information because the anycast address is the only advertised address for the scrubbing centers and therefore including that address in the header yields the expected result of enabling the server to send the encapsulated outgoing packet via the tunnel.
 	Huici further discloses: decapsulating the outgoing network packet to generate a decapsulated outgoing network packet by removing the encapsulation added by the server that includes the header information (i.e. At the decapsulator, the outer encapsulation header is removed) [Huici, p.42, col.2, section 2.1], (i.e. To perform edge-to-edge encapsulation, the encapsulator needs to know how to map the destination IP address from a data packet to the address of the relevant decapsulator. Essentially this is a routing problem, and this information could in principle be conveyed by BGP…..The mapping from network prefix to decapsulator address or addresses is relatively static, so we suggest that a separate dissemination channel be used to distribute these mappings) [Huici, p.42, col.2, section 2.2], (i.e. If packets from a client to a server are encapsulated, should the reverse path traffic also be encapsulated? If it is encapsulated, should the forward-path encapsulator serve as the reverse-path decapsulator? ....................The decapsulator should be able to ask another decapsulator for the list of encapsulators corresponding to a specific client address handled by that decapsulator) [Huici, p.46, col.1-2 sections 4.1 - 4.2]; and transmitting the decapsulated outgoing network packet to the end user (i.e. At the decapsulator, the outer encapsulation header is removed, and the packet is forwarded on to the server (i.e. destination)) [Huici, p.42, col.2, section 2.1, note: in a reverse-path the destination is the user].
	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify Smith in view of Agarwal with Huici in order to provide a simple and effective architectural defense against distributed DoS attacks that requires no changes to the end-hosts, minimal changes to the network core, is robust to spoofing, provides incentives for initial deployment, and can be built with off-the-shelf hardware [Huici, Abstract].

Re Claims 6 and 17. Smith in view of Agarwal and Huici discloses the features of claims 3 and 14, Agarwal further discloses wherein the received encapsulated outgoing network packet is received at a network organization and routed external to the server (i.e. When this traffic is cleaned by one or more specialized filtering devices in the center, the legitimate traffic is redirected to the destination) [Agarwal, p.2, col.2].
	The same motivation to modify Smith with Agarwal, as in claim 1, applies.

Re Claims 7 and 18. Smith in view of Agarwal and Huici discloses the features of claims 6 and 17, Smith further discloses wherein the server is one of a plurality of servers in the network organization (i.e. provide an architecture, systems, and/or methods for redirecting network traffic (e.g., requests from hosts on the Internet to servers at an Internet service provider ("ISP"), servers at a content provider, etc.) that is originally destined for a series of servers that all respond to the same IP address (using a technique known in the art as "anycasting"). This architecture can route the traffic through a series of data scrubbing devices (also referred to as "data scrubbing appliances") via an anycast IP address) [Smith, para.0023].  

 	 Claims 5, 16 and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Smith in view of Agarwal and Huici as applied to claims 3, 14 and 25, further in view of Foo et al (US Pub. No.2015/0156035).

Re Claims 5 and 16. Smith in view of Agarwal and Huici discloses the features of claims 3 and 14, Smith in view of Agarwal and Huici further discloses: wherein the decapsulating is performed by a scrubbing center [Huici, p.46, col.1-2 section 4.1- 4.2].
	The same motivation to modify Smith-Agarwal with Huici, as in claim 3, applies.
 	Smith-Agarwal-Huici does not explicitly disclose that the selected scrubbing center is nearest to the server whereas Foo does (i.e. A SDNS node 304 (e.g., an intermediate node) nearest or connected to a specified next service device 312 may receive and decapsulate the data packet. Based on the tag or other information in the payload of the data packet, the intermediate SDNS node 304 may determine that the data packet should be forwarded to the attached service device 312 for processing. Based on this determination, the intermediate SDNS node 304 may forward the decapsulated native data packet to a service device 312 connected to the SDNS node 304 for processing by the service device 312. The service device 312 may return the processed data packet back to the SDNS node 304 from which the service device 312 received the data packet) [Foo, para.0028].
 	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify Smith-Agarwal-Huici with Foo because it may reduce operation expenses as compared with current or traditional methods of implementation or deployment of network services. Additionally, the disclosed systems and methods may provide a more flexible use of existing resources and improve the long-term data center lifecycle. The disclosed systems and methods may also enable services virtualization [Foo, para.0025].

Re Claim 26, the features in this claim are similar to features recited in claims 5 and 6, therefore it is rejected in a manner similar to the rejections applied to claims 5 and 6.

Claims 9, 20 and 28 are rejected under 35 U.S.C. 103 as being unpatentable over Smith in view of Agarwal et al as applied to claims 8, 19 and 27, further in view of Mahaffey et al (US Pub.No.2015/0188949).

Re Claims 9, 20 and 28. Smith in view of Agarwal discloses the features of claims 8, 19 and 27, Agarwal further discloses: wherein the scrubbing center nearest to the end user comprises one selected from the group consisting of geographically closest (i.e. Each cleaning center can be assigned a particular prefix. This way, load can be balanced across different centers. Alternatively, each cleaning center can announce the same victim prefixes. The ingress router for each of the cleaning centers will have the same loopback address. The IGP will pick the closest cleaning center to use. This is a form of anycast) [Agarwal, p.3, col.1-col.2, and p.7, col.2],
 	The same motivation to modify with Agarwal, as in claim 1, applies.
 	Smith in view of Agarwal does not explicitly disclose whereas Smith in view of Agarwal and Mahaffey does: lowest cost (i.e. For a forward path, such as client to internet via PoP, the decision of which real network interface to use may be based on an up/down status of the real network interface………Or it may include a cost of routing e.g., Wi-Fi networks may be cheaper than non-Wi-Fi, but in some cases may be slower) [Mahaffey, para.0442], healthiest (i.e. The decision process may use information collected by, for example: measuring the latency or packet loss of a particular carrier to a known location on their network…..using a known dataset of current route health statistics) [Mahaffey, para.0452], with the least congested route (i.e. The preferred transport may take the effect of routing packets via less congested routes, or other forms of QoS) [Mahaffey, para.0455], (i.e. Border Gateway Protocol (BGP) may use metrics relating to the length (in terms of number of unique autonomous systems) of a route (e.g., AS-path) in order to route packets), and another distance measure [Mahaffey, para.0450].  
  	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify Smith-Agarwal with Mahaffey because with Mahaffey statistics are gathered about various routes so optimal routing decisions between all points in the network can be made [Mahaffey, para.0453].

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NOURA ZOUBAIR whose telephone number is (571)270-7285.  The examiner can normally be reached on Monday - Friday. 
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on 571-272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434