Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This is in response to the original filing of July 1, 2019 and preliminary amendments of October 21, 2019. Claims 1-21 have been cancelled. Claims 22 and 23 have been amended. Claims 25-41 have been added. Claims 22-41 are pending and have been considered below.

Priority
16459454, filed 07/01/2019 is a division of 15043361, filed 02/12/2016, now U.S. Patent #10341379 and having 1 RCE-type filing therein.

Drawings
The drawings filed on 07/01/2019 are accepted.

Specification
The amendment to the specification filed on 07/01/2019 is accepted.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out 
Claims 22-41 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-24 of U.S. Patent No. 10,341,379. Although the claims at issue are not identical, they are not patentably distinct from each other because claims 22-41 of the present application are anticipated by claims 1-24 of U.S. 10,341,379.
Therefore, patent claims 1-24 of U.S. 10,341,379 are in essence a “species” of the generic invention of claims 22-41 of the present application. It has been held that a generic invention is anticipated by a species within the scope of the generic invention. See In re Goodman, 29 USPQ2d 2010 (Fed. Cir. 1993).

16/459,454
10,341,379
22. A computerized method of operating a managed content distribution network in data communication with an internetwork to compensate for one or more malicious internetwork-originated attacks directed at subscribers of the managed content distribution network, the computerized method comprising: 
processing packetized data traffic received by the managed content distribution network from the internetwork to identify at least portions of the packetized data traffic having Internet Protocol (IP) packet header information, the IP packet header information comprising a destination address corresponding to at least one 
inserting, using at least one router in data communication with an ingress of the packetized data traffic within the content distribution network, data into the at least portions of the packetized data traffic, the inserting preserving the destination address for subsequent use by the managed content distribution network; 
subsequent to the inserting and based at least on the data, switching the at least portions of the packetized data traffic to a processing entity, the processing entity being within the managed content distribution network;
 processing the at least portions of the packetized data traffic using the processing entity, the processing causing at least one of: (i) filtration of at least a portion of the switched identified portions of the packetized data traffic, and (ii) switching of at least a portion of the at least portions of the packetized data traffic to an intermediate destination; and 
collecting data relating to one or more metrics characterizing the one or more malicious internetwork-originated attacks, wherein the collected data is configured to enable anticipation of future malicious internetwork-originated attacks; 
wherein the processing of the packetized data traffic, the inserting of the data, the switching of the at least portions of the packetized data traffic, and the processing of the at least portions of the packetized data traffic cooperate to enable the at least one computerized user device to continue operation after the one or more malicious internetwork-originated attacks have been initiated. 
23. The computerized method of claim 22, wherein the processing the packetized data traffic, and the inserting, the switching and the processing of the at least portions of the packetized data traffic are conducted at least in part automatically using computerized processes of one or more of: (i) the managed content distribution network, (ii) the at least one router, and (iii) the processing entity, to minimize delays in providing the compensation. 
28. The computerized method of claim 22, wherein inserting the data comprises 
29. The computerized method of claim 22, further comprising: removing the at least portions of the packetized data traffic, the removing occurring after completion of the processing of the packetized data traffic, the inserting of the data, the switching of the at least portions of the packetized data traffic, and the processing of the at least portions of the packetized data traffic; and transmitting the at least portions of the packetized data traffic to the at least one computerized user device. 
30. The computerized method of claim 22, further comprising: identifying prospectively spoofed data traffic received by a network entity within the managed content distribution network for flagging; determining whether the identified prospectively spoofed data traffic was transmitted by a particular network address; and based at least on the determining, ignoring the identified prospectively spoofed data traffic. 
31. The computerized method of claim 22, wherein the processing the at least portions of the packetized data traffic using the processing entity comprises using internal routing infrastructure, distributing the at least portions of the packetized data traffic among a plurality of scrubbing devices of the processing entity. 
33. The computerized method of claim 31, wherein the distributing comprises distributing the at least portions of the packetized data traffic among the plurality of scrubbing devices using a load balancing algorithm. 

35. The computerized method of claim 31, wherein the plurality of scrubbing devices comprises at least a first scrubbing device and a second scrubbing device, the first scrubbing device more capable of processing data traffic than the second scrubbing device; and wherein the distributing comprises (i) transmitting traffic associated with metropolitan areas to the first scrubbing apparatus, and (ii) transmitting traffic associated with non-metropolitan areas to the second scrubbing apparatus. 


identifying, via said computerized network controller apparatus, traffic of said network, at least a portion of said identified traffic associated with data indicative of one or more malicious attacks, the identified traffic comprising at least 

managing influx and processing of the identified traffic, the managing influx and processing comprising at least:
identifying, via said computerized network controller apparatus, an available capacity for each of the plurality of processing entities;
 based at least in part on the identifying of the available capacity for each of the plurality of processing entities, selecting at least one of the plurality of processing entities so as to balance traffic influx across the plurality of processing entities; 
based at least in part on said selecting of said at least one of said plurality of processing entities, enabling said at least one of said plurality of processing entities to transmit, to at least a portion of said plurality of router devices, alternate routing protocol data indicative of said at least one of said plurality of processing entities and configured to cause transmission of the identified traffic thereto; 
based at least in part on said transmission of said alternate routing protocol data, enabling insertion of said alternate routing protocol data into said identified traffic, said inserted alternate routing protocol data causing switching of said identified traffic from one or more routers of said at least portion of said plurality of router 
enabling processing of said switched identified traffic using said at least one of said plurality of processing entities so as to render said switched identified traffic non-harmful to said one or more computerized user devices; and 
collecting one or more metrics related to the processing of the switched identified traffic, the one or more metrics for use in identification of a predicted amount of available capacity of the at least one of the plurality of processing entities for future management of influx and processing; enabling removal of said inserted alternate routing protocol data from said identified and processed traffic; and 
enabling routing of said identified and processed traffic to a destination associated with said destination data and said host entity. 
  
  2. The method of claim 1, wherein said data indicative of the one or more malicious attacks comprise data indicative of one or more distributed denial-of-service (DDoS) attacks that are originated from an internetwork in data communication with the network. 
    3. The method of claim 1, wherein said identifying traffic comprises identifying traffic of said network based at least in part on data indicative of user or third party input indicating at least one of (i) a possible existence of a malicious attack, and/or (ii) a reduction in service or performance. 

    5. The method of claim 4, wherein: said network comprises a managed content distribution network having a plurality of subscribers; said data indicative of the one or more malicious attacks comprise data indicative of one or more distributed denial-of-service (DDoS) attacks that are originated from an internetwork in data communication with the managed content distribution network; and said substantially centralized router apparatus is associated with a backbone network within the managed content distribution network. 
    6. The method of claim 5, wherein: said alternate routing protocol data comprises next-hop routing data configured to enable switching of said identified traffic to a scrubbing router in data communication with one or more scrubbing appliances of said at least one of said plurality of processing entities via alteration of only a portion of said destination data, said portion relating to only a subset of routers within said network; and said inserted alternate routing protocol data causing said switching said identified traffic to the at least one of said plurality of processing entities comprises said inserted alternate routing protocol data causing switching said identified traffic directly to the scrubbing router. 

    8. The method of claim 1, wherein the alternate routing protocol data comprises a Multiprotocol Label Switching (MPLS) protocol path label configured to enable MPLS label switch path (LSP)-based, next-hop switching of the identified traffic. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 22, 23, 26-29, 31 and 33 are rejected under 35 U.S.C. 103 as being unpatentable over Nguyen et al U.S. 2013/0044758 A1 in view of Reams, III et al U.S. 8,510,826 B1.
Claim 22:  Nguyen et al teaches  a computerized method of operating a managed content distribution network in data communication with an internetwork to compensate for one or more malicious internetwork-originated attacks directed at subscribers of the managed content distribution network (par.22, Figs.1,2, & 3), the computerized method comprising: 
		processing packetized data traffic received by the managed content distribution network from the internetwork to identify at least portions of the packetized data traffic having Internet Protocol (IP) packet header information, the IP packet header information comprising a destination address corresponding to at least one computerized user device associated with at least one subscriber of the managed content distribution network (par.22-24, For normal traffic flow, the CE router 108 is configured to receive the ingress IP traffic 120 from the PE.sub.C router 102 and provide the ingress IP traffic 120 to the intended destination 110. The intended destination 110 may be, for example, a customer's local area network ("LAN") or any device connected thereto including, but not limited to, one or more LAN routers, wireless LAN routers, or other IP devices such as computers, servers, video game consoles, or mobile devices (e.g., a smartphone, personal digital assistant, tablet computer, camera, or e-reader));
par.25, The PE.sub.I router 104 is configured to redirect ingress IP traffic 200 (hereinafter "redirected ingress IP traffic 200") to the PE.sub.S router 106 in response to a customer requesting an application service from the application server 114); 
		 subsequent to the inserting and based at least on the data, switching the at least portions of the packetized data traffic to a processing entity, the processing entity being within the managed content distribution network (par.25, The PE.sub.S router 106 is configured to receive the redirected ingress IP traffic 200 from the PE.sub.I router 104 and route the redirected ingress IP traffic 200 to the L2SW 112. The L2SW 112 is configured to receive redirected ingress IP traffic 200 from the PE.sub.I router 104 and provide the redirected ingress IP traffic 200 to the application server 114 for processing (e.g., via DDoS scrubbing or another application service).);
	 	 processing the at least portions of the packetized data traffic using the processing entity, the processing causing at least one of: (i) filtration of at least a portion of the switched identified portions of the packetized data traffic, and (ii) switching of at least a portion of the at least portions of the par.29-30, 33, The DDoS scrubber then determines which packets in the redirected ingress IP traffic 200 are attack packets and which packets are legit packets (i.e., non-attack or normal packets). Although all traffic is diverted to the DDoS scrubber, only legit packets are then re-injected into the traffic flow of the network 100 by the PE.sub.S 106 as the post-processed traffic 202);  and 
		wherein the processing of the packetized data traffic, the inserting of the data, the switching of the at least portions of the packetized data traffic, and the processing of the at least portions of the packetized data traffic cooperate to enable the at least one computerized user device to continue operation after the one or more malicious internetwork-originated attacks have been initiated (par.5, 19, 25, The application server 114 processes the redirected ingress IP traffic 200 and sends post-processed traffic 202 to the L2SW 112, which provides the post-processed traffic 202 to the PE.sub.S router 106 for routing to the PE.sub.S router 102. The PE.sub.S router 102 receives the post-processed traffic 202 and then routes the post-processed traffic 202 to the CE router 108 for delivery to the intended destination 110). 
Nguyen et al fails to teach, however Reams III et al in a similar field of endeavor 
 collecting data relating to one or more metrics characterizing the one or more malicious internetwork-originated attacks, wherein the collected data is configured to enable anticipation of future malicious internetwork-col.4, lines 58-67, col6, lines 35-55, creating customer profiles that contain customer traffic data, developing statistical data associated with normal IP traffic, or using linear regression techniques that adjust normality of the data with the conditions of the customer network. There are many more techniques that may be employed. The idea here is to illustrate that the subset is compared to a model, an ideal, or a baseline to determine whether the subset contains data packets that are not normal. For customer networks 109 and 112, if some of the data packets are found to be abnormal, a situation may be flagged to identify the abnormality as a possible DDoS attack);  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the disclosure of Nguyen et al with the additional features of Reams, III et al in order to provide a mitigation service to customers to remove or reduce DDoS attacks regardless of the customer's relationship with a service provider, as suggested by Reams, III et al abstract.
Claim 23: the combination teaches 
	wherein the processing the packetized data traffic, and the inserting, the switching and the processing of the at least portions of the packetized data traffic are conducted at least in part automatically using computerized processes of one or more of (Nguyen et al par.53-55):
	 (i) the managed content distribution network (Nguyen et al par.33-35, 53-55),
Nguyen et al par.33-35, 53-55), and 
	(iii) the processing entity, to minimize delays in providing the compensation (Nguyen et al par. 33-35, 53-55). 
Claim 26: the combination teaches   
		transmitting the data relating to the one or more metrics from at least one of the one router or the processing entity, to at least one other network entity within the managed content distribution network, in order to enable the at least one other network entity to participate in malicious traffic mitigation schemes (Nguyen et al par. 33-35, 38-39, Reams III et al col.4, lines 10-55). 
The same motivation to modify Nguyen et al in view of Reams, III et al applied to claim 22 above applies here.
Claim 27: the combination teaches  
	transmitting the data relating to the one or more metrics from the managed content distribution network to at least one off-network entity outside of the managed content distribution network, in order to enable the at least one off-network entity to participate in malicious traffic mitigation schemes (Nguyen et al par. 33-35, 53-55 Reams III et al col.4, lines 10-55 col.6, lines 53-63). 
The same motivation to modify Nguyen et al in view of Reams, III et al applied to claim 22 above applies here.
Claim 28: the combination teaches   
		wherein inserting the data comprises inserting switching-layer protocol address data into the at least portions of the packetized data traffic (Nguyen et al, par. 6, 32, 34, 34).
Claim 29: the combination teaches   
		removing the at least portions of the packetized data traffic, the removing occurring after completion of the processing of the packetized data traffic, the inserting of the data, the switching of the at least portions of the packetized data traffic, and the processing of the at least portions of the packetized data traffic (Nguyen et al par. 33-35, 53-55 Reams III et al col.4, lines 10-55 col.6, lines 53-63); and
		transmitting the at least portions of the packetized data traffic to the at least one computerized user device (Nguyen et al par. 33-35, 53-55 Reams III et al col.4, lines 10-55 col.6, lines 53-63). 
The same motivation to modify Nguyen et al in view of Reams, III et al applied to claim 22 above applies here.
Claim 31: the combination teaches
	 	 wherein the processing the at least portions of the packetized data traffic using the processing entity comprises using internal routing infrastructure, distributing the at least portions of the packetized data traffic among a plurality of scrubbing devices of the processing entity (Nguyen et al par. 33-35, 54). 
Claim 33: the combination teaches 
		wherein the distributing comprises distributing the at least portions of the packetized data traffic among the plurality of scrubbing devices using a load balancing algorithm (Nguyen et al par. 33-35, 54). 
 
Claim 24 is rejected under 35 U.S.C. 103 as being unpatentable over Nguyen et al U.S. 2013/0044758 A1 in view of Reams, III et al U.S. 8,510,826 B1 in further view of Barr et al U.S. 2006/0050719 A1.
Claim 24: the combination fails to teach, however Barr et al in the same field of endeavor teaches   
	associating the at least portions of the packetized data traffic having the IP packet header information to pre-programmed routing data;  and determining at least one of:  
	(i) an exit interface (par.20) and
		 (ii) a path, from a second router of the managed content distribution network (par.85-87). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the disclosure of Nguyen et al with the additional features of Barr et al in order to provide the ability to discern a human user from automated software prior to granting certain access or privileges to the user, as suggested by Barr et al par. 3.

Claims 25 and 36 are rejected under 35 U.S.C. 103 as being unpatentable over Nguyen et al U.S. 2013/0044758 A1 in view of Reams, III et al U.S. 8,510,826 B1 in further view of Pasko U.S. 2006/0282891 A1.
Claim 25: the combination teaches
 	using at least the collected data relating to the one or more metrics in determining one or more traffic patterns or Reams III et al, col.6, lines 35-50,col.9, lines 10-15). 
The same motivation to modify Nguyen et al in view of Reams, III et al applied to claim 22 above applies here.
The combination fails to teach, however Pasko in the same field of endeavor teaches
		using at least the collected data relating to the one or more metrics in determining origination addresses of the one or more malicious internetwork-originated attacks (par.65, 72)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the disclosure of Nguyen et al with the additional features of Pasko in order to provide the ability to protect a customer network from network attacks, as suggested by Pasko par. 3.
Claim 36: the combination fails to teach, however Pasko in the same field of endeavor teaches
par.50-53, 59), and wherein the distributing comprises
 		(i) transmitting traffic associated with a first geographic region to the first scrubbing device (par.50-53, 59), and 
		(ii) transmitting traffic associated with a second geographic region, different from the first geographic region, to the second scrubbing device (par.50-53, 59). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the disclosure of Nguyen et al with the additional features of Pasko in order to provide the ability to protect a customer network from network attacks, as suggested by Pasko par. 3.

Claim 30 is rejected under 35 U.S.C. 103 as being unpatentable over Nguyen et al U.S. 2013/0044758 A1 in view of Reams, III et al U.S. 8,510,826 B1 in further view of Kaashock et al U.S. 2002/0035683 A1.
Claim 30: the combination fails to teach, however Kaashock et al in the same field of endeavor teaches 
	identifying prospectively spoofed data traffic received by a network entity within the managed content distribution network for flagging(par.30-33); 
	 determining whether the identified prospectively spoofed data traffic was transmitted by a particular network address(par.31-33);  and
par.38, 41). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the disclosure of Nguyen et al with the additional features of Kaashock et al in order to provide the ability of thwarting denial of service attacks on a victim data center coupled to a network includes monitoring network traffic through monitors disposed at a plurality of points in the network and communicating data from the monitors, over a hardened, redundant network, to a central controller, as suggested by Kaashock et al par. 4.

Claim 32 is rejected under 35 U.S.C. 103 as being unpatentable over Nguyen et al U.S. 2013/0044758 A1 in view of Reams, III et al U.S. 8,510,826 B1 in further view of Mao et al U.S. 8,141,156 B1.
Claim 32: the combination fails to teach, however Mao et al in the same field of endeavor teaches 
	comprising enabling the processing entity to hide data indicative of the internal routing infrastructure from the managed content distribution network (col.1, lines 60-67). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the disclosure of Nguyen et al with the additional features of Pasko in order to provide the ability to mitigate routing misbehavior in a network, as suggested by Mao et al col.1, lines 5-10.

Claim 34 is rejected under 35 U.S.C. 103 as being unpatentable over Nguyen et al U.S. 2013/0044758 A1 in view of Reams, III et al U.S. 8,510,826 B1 in further view of Smith et al U.S. 9,350,706 B1.
Claim 34: the combination fails to teach, however Smith et al in the same field of endeavor teaches 
	wherein the plurality of scrubbing devices comprises at least a first scrubbing device and a second scrubbing device, the first scrubbing device more capable of processing data traffic than the second scrubbing device;  and wherein the distributing comprises transmitting higher priority data traffic of the at least portions of the packetized data traffic to the first scrubbing device and transmitting lower priority data traffic of the at least portions of the packetized data traffic to the second scrubbing device (col.8, 29-43, col.9, lines 39-col.10, line 9).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the disclosure of Nguyen et al with the additional features of Pasko in order to provide the ability to filter network traffic in an anycasting environment and transmit the filtered network traffic to the plurality of anycasted servers in a load balanced manner, as suggested by Smith et al abstract.

Claim 35 is rejected under 35 U.S.C. 103 as being unpatentable over Nguyen et al U.S. 2013/0044758 A1 in view of Reams, III et al U.S. 8,510,826 B1 in further view of Smith et al U.S. 9,350,706 B1 and Pasko U.S. 2006/0282891 A1.
Claim 35: the combination fails to teach, however Smith et al in the same field of endeavor teaches 
	wherein the plurality of scrubbing devices comprises at least a first scrubbing device and a second scrubbing device, the first scrubbing device more capable of processing data traffic than the second scrubbing device (col.8, 29-43, col.9, lines 39-col.10, line 9).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the disclosure of Nguyen et al with the additional features of Smith et al in order to provide the ability to filter network traffic in an anycasting environment and transmit the filtered network traffic to the plurality of anycasted servers in a load balanced manner, as suggested by Smith et al abstract.
The combination fails to teach, however Pasko in the same field of endeavor teaches
 wherein the distributing comprises 
(i) transmitting traffic associated with metropolitan areas to the first scrubbing apparatus (par.50-53, 59), and
 (ii) transmitting traffic associated with non-metropolitan areas to the second scrubbing apparatus (par.50-53, 59). 
Nguyen et al with the additional features of Pasko in order to provide the ability to protect a customer network from network attacks, as suggested by Pasko par. 3.

Claims 37 and 39 are rejected under 35 U.S.C. 103 as being unpatentable over Gerlach et al U.S. 9,141,789 B1 in view of Smith et al U.S. 9,350,706 B1.
Claim 37: Gerlach et al teaches a network architecture configured to at least mitigate one or more effects of external attacks on one or more users of a managed content distribution network, the network architecture comprising: 
one or more network interfaces configured to receive a plurality of data packets from an external network (col.4, lines 1-45, when an external user accesses the network 106 via the Internet, the external user will have an associated IP address and possibly a username that the network 106 uses to identify the user. If the external user is a threat to the network 106, the invention takes action to mitigate the threat. All traffic entering the network 106, enters the network 106 through a security device wherein the traffic is broken down into packets with each packet);  
	 one or more processing entities in data communication with the one or more network interfaces and the centralized scrubbing apparatus, the one or more processing entities configured (col.4, lines 20-30, non-limiting example of security devices to include a Managed DDoS Mitigation Device 100, DDoS Management Device 101, Unmanaged DDoS Mitigation Device (also known as a Standalone DDoS Device) 102, Intrusion Protection System (IPS), Intrusion Detection System (IDS) 104, network device or some combination thereof)  to: 
	(i) evaluate all of the plurality of data packets received by the one or more network interfaces (Fig.3, col.6, lines 11-25, a plurality of IDS may be used to capture, process, and calculate statistics from data in network traffic entering a network 106);  
	(ii) detect identified ones of the all of the plurality of data packets (Fig.3, col.6, lines 11-25, an application and an application rate corresponding to the data may be determined. A filter may be generated that is specific to the application.  A DDoS mitigation may then be activated or modified using the generated filter); and 
	(iii) process the identified ones of the all of the plurality of data packets so as to enable redirection of the identified ones of the plurality of data packets to the centralized scrubbing apparatus (Fig.3, col.6, lines 11-25, A filter may be generated that is specific to the application. A DDoS mitigation may then be activated or modified using the generated filter). 
Gerlach et al fails to teach, however Smith et al in the same field of endeavor teaches 
Figs 1A-1B Figs. 1 A-B, Fig.2, col.5, line 40 to col.6, line 65, for redirecting network traffic (e.g., requests from hosts on the Internet to servers at an Internet service provider ("ISP"), servers at a content provider, etc.) that is originally destined for a series of servers that all respond to the same IP address (using a technique known in the art as "anycasting").  This architecture can route the traffic through a series of data scrubbing devices (also referred to as "data scrubbing appliances") via an anycast IP address. Once the data scrubbers have blocked undesirable traffic (such as traffic that is part of a DDoS attack or otherwise is potentially harmful to the servers or other network elements) and have allowed desirable traffic to pass, the desirable traffic must be sent to the original servers);  and
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the disclosure of Gerlach et al with the additional features of Smith et al in order to provide the ability to filter network traffic in an anycasting environment and transmit the filtered network traffic to the plurality of anycasted servers in a load balanced manner, as suggested by the Smith et al abstract.
Claim 39: the combination teaches   
Smith et al, col.8, 29-43, col.9, lines 39-col.10, line 9);  and 
		wherein the first scrubbing device is configured to receive first data packets, the second scrubbing device is configured to receive second data packets, the first data packets having higher priority than the second data packets (Smith et al, col.8, 29-43, col.9, lines 39-col.10, line 9). 
The same motivation to modify Gerlach et al in view of Smith et al applied to claim 37 above applies here.
Claim 38 is rejected under 35 U.S.C. 103 as being unpatentable over Gerlach et al U.S. 9,141,789 B1 in view of Smith et al U.S. 9,350,706 B1 in further view of Pasko U.S. 2006/0282891 A1.
Claim 38: the combination teaches wherein: 
	the plurality of scrubbing devices comprises at least a first scrubbing device and a second scrubbing device (Smith et al, col.8, 29-43, col.9, lines 39-col.10, line 9); and 
The combination fails to teach, however Pasko in the same field of endeavor teaches
	the plurality of data packets have routing data associated with at least two different geographic regions (par.50-53, 59); and 
par.50-53, 59);
	the first scrubbing device is configured to only receive data packets associated with the first region, and the second scrubbing device is configured to only receive data packets associated with the second region. (par.50-53, 59). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the disclosure of Nguyen et al with the additional features of Pasko in order to provide the ability to protect a customer network from network attacks, as suggested by Pasko par. 3.

Claim 40 is rejected under 35 U.S.C. 103 as being unpatentable over Nguyen et al U.S. 2013/0044758 A1 in view of Paatela et al U.S. 2002/0163935 A1.
Claim 40: Nguyen et al teaches a network apparatus for use within a data network, the network apparatus comprising: 
	a processing apparatus (Figs.3-8, items 302, 306, par.20, 44, 47);  
a data traffic interface in data communication with the processing apparatus and configured to at least receive a plurality of data packets originated from an internetwork, the plurality of data packets having at least a network destination address, the network destination address specified by a network-layer protocol associated with the data network (par.22-24, For normal traffic flow, the CE router 108 is configured to receive the ingress IP traffic 120 from the PE.sub.C router 102 and provide the ingress IP traffic 120 to the intended destination 110. The intended destination 110 may be, for example, a customer's local area network ("LAN") or any device connected thereto including, but not limited to, one or more LAN routers, wireless LAN routers, or other IP devices such as computers, servers, video game consoles, or mobile devices (e.g., a smartphone, personal digital assistant, tablet computer, camera, or e-reader)); 
	 at least one data storage apparatus in data communication with the processing apparatus, the at least one storage apparatus configured to store at least the plurality of received data packets (par.45);  and 
	computerized logic operative to execute on the processing apparatus, the computerized logic comprising a plurality of instructions which are configured to, when executed by the processing apparatus, cause the network apparatus (Figs. 3-8, par.20, 44, 47) to: 
	identify at least a portion of the plurality of data packets for further processing (par.29-30, 33, The DDoS scrubber then determines which packets in the redirected ingress IP traffic 200 are attack packets and which packets are legit packets (i.e., non-attack or normal packets). Although all traffic is diverted to the DDoS scrubber, only legit packets are then re-injected into the traffic flow of the network 100 by the PE.sub.S 106 as the post-processed traffic 202); 
par.25, The PE.sub.S router 106 is configured to receive the redirected ingress IP traffic 200 from the PE.sub.I router 104 and route the redirected ingress IP traffic 200 to the L2SW 112. The L2SW 112 is configured to receive redirected ingress IP traffic 200 from the PE.sub.I router 104 and provide the redirected ingress IP traffic 200 to the application server 114 for processing (e.g., via DDoS scrubbing or another application service);  and
 	cause utilization of the switching-layer protocol address to route the at least the portion of the plurality of data packets from the processing apparatus to a second processing apparatus, so as to substantially frustrate a network attack (par.5, 19, 25, The application server 114 processes the redirected ingress IP traffic 200 and sends post-processed traffic 202 to the L2SW 112, which provides the post-processed traffic 202 to the PE.sub.S router 106 for routing to the PE.sub.S router 102. The PE.sub.S router 102 receives the post-processed traffic 202 and then routes the post-processed traffic 202 to the CE router 108 for delivery to the intended destination 110). 
Nguyen et al fails to teach, however Paatela et al in the same field of endeavor teaches 
par. 38, packet are processed, with due consideration to the packet's protocol, which results in a protocol-dependent modification of the temporarily stored packet information);  

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the disclosure of Nguyen et al with the additional features of Reams, III et al in order to provide the ability for facilitating packet transformation of multi-protocol, multi-flow, streaming data, as suggested by Paatela et al par.14.

Claim 41 is rejected under 35 U.S.C. 103 as being unpatentable over Nguyen et al U.S. 2013/0044758 A1 in view of Paatela et al U.S. 2002/0163935 A1 in further view of Reams, III et al U.S. 8,510,826 B1.
Claim 41: the combination fails to teach, however Reams, III et al in the same field of endeavor teaches 
		collect data relating to one or more metrics, the one or more metrics characterizing the network attack (Reams III et al, col.4, lines 58-67, col.6, lines 35-55);  and 
		cause distribution of the data relating to one or more metrics to one or more network entities, the distribution enabling at least mitigation of one or more subsequent network attacks (Nguyen et al par. 33-35, 38-39, Reams III et al col.4, lines 10-55). 
Nguyen et al with the additional features of Reams, III et al in order to provide a mitigation service to customers to remove or reduce DDoS attacks regardless of the customer's relationship with a service provider, as suggested by the Reams, III et al abstract.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FATOUMATA TRAORE whose telephone number is (571)270-1685.  The examiner can normally be reached on 6:30-3:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SHEWAYE GELAGAY can be reached on 5712724219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center 






Saturday, August 28, 2021

/FATOUMATA TRAORE/Primary Examiner, Art Unit 2436