DETAILED ACTION
1.	Notice of Pre-AIA  or AIA  Status:  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


2.	Claims 1-20 are presented for allowance. 

3.	Claims 1, 3, 4, 8, 11, 14, and 20 have been amended as filed on July 1, 2021.

4.	This allowance of application 16/587679 is in response to Applicant’s claims and amendments filed on July 1, 2021.

Examiner’s Amendment
5.	An examiner’s Amendment to the record appears below.  Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR § 1.312.  To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the Issue Fee.

6.	Authorization for this examiner’s amendment was given by Aaron Kamlay via an email interview sent to USPTO on September 1, 2021.

7.	The claims have been amended as follows:


a computing device comprising a processor, memory, network interface, and operating system, and operably connectable to a computer network, the  computing device further comprising a network packet redirection detection module configured to monitor IP packets transmitted over the computer network,
wherein the computing device is configured to:
 within a session between a source computer and a destination computer, compare a packet transmission time or a round trip time of one or more of the IP packets between a source IP address assigned to the source computer and a destination IP address assigned to the destination computer on the computer network to a historical record of one or more packet transmission times or round trip times between the source IP address and the destination IP address on the computer network; and
based upon a discrepancy identified between the packet transmission time or the round trip time and the historical record of the one or more packet transmission times or round trip times, determining that a surreptitious redirection of IP network packet traffic has occurred on the computer network.

2.	(Original) The system of claim 1, wherein the network packet redirection detection module determines an effective sending IP address for a system having an unroutable IP address.

3.	(Currently Amended) The system of claim 1, wherein the network packet redirection detection module is configured to monitor TCP/IP streams for packet transmission time anomalies and/or  round trip packet response time anomalies.

4.	(Previously Presented) The system of claim 3, further comprising a database containing the historical record of the one or more packet transmission times or round trip times between the source IP address and the destination IP address.

5.	(Original) The system of claim 1, where the computing device executes an IP networking stack that causes the network interface to transmit and receive UDP/IP packets.

6.	(Original) The system of claim 5, where the network packet redirection detection module is configured to monitor UDP/IP packet transmission and receipt times to identify packet transmission time anomalies.

7.	(Original) The system of claim 6, further comprising a database containing historical packet transmission and receipt times between mutable IP addresses.

8.	(Currently Amended) A method comprising:

 within a session between a source computer and a destination computer, comparing a packet transmission time or a round trip time of one or more of the IP packets between a source IP address assigned to the source computer and a destination IP address assigned to the destination computer on the computer network to a historical record of one or more packet transmission times or round trip times between the source IP address and the destination IP address on the computer network; and
based upon a discrepancy identified between the packet transmission time or the round trip time and the historical record of the one or more packet transmission times or round trip times, determining that a surreptitious redirection of IP network packet traffic has occurred on the computer network.

9.	(Currently Amended) The method of claim 8, further comprising determining that a sending computer system has an unroutable IP address, and determining a routable sending IP address for  the sending computer system having  the unroutable IP address.

10.	(Original) The method of claim 8, wherein the discrepancy comprises one or more round trip packet response time anomalies.


wherein the historical record comprises historical packet transmission times between the source IP address and the destination IP address , and 
wherein the discrepancy comprises a difference between the packet transmission time or the round trip time between the source IP address and the destination IP address  and the historical record of the one or more packet transmission times or round trip times between the source IP address and the destination IP address .

12.	(Original) The method of claim 11, further comprising determining that the difference is not within an acceptable range of times.

13.	(Currently Amended) The method of claim 8, wherein the monitoring comprises monitoring UDP/IP streams for packet transmission time anomalies, by comparing a timestamp or other timing indicia contained within the packet to  a current system time and calculating  the packet transmission time.

14.	(Currently Amended) The method of claim 13, wherein the packet transmission time or the round trip time is the calculated packet transmission time and the historical record of the one or more packet transmission times or round trip times is a historical packet transmission time.



16.	(Original) The method of claim 8, further comprising taking a predefined action in response to the discrepancy.

17.	(Currently Amended) The method of claim 16, where the taken predefined action  is one or more actions selected from  a group consisting of: 
disconnecting from the network; 
stopping IP transmissions to the destination IP address; 
dropping a packet; 
conducting a further test; 
generating a notification;
generating a message to another computer or process; 
generating a log message; and 
redirecting one or more packets to a known-good router.

18.	(Original) The method of claim 8, further comprising monitoring the IP packets received for an anomalous ARP response, and taking an action in response to an anomalously received ARP response.

taken action  is one or more actions selection from  a group consisting of: 
disconnecting from the computer network; 
stopping IP transmissions to a destination IP address; 
dropping a packet; 
conducting a further test; 
generating a notification; 
generating a message to another computer or process; 
generating a log message; and 
redirecting one or more packets to a known-good router.

20.	(Currently Amended) A non-transitory computer-readable medium storing a plurality of instructions which, when executed by a computer processor, execute a method for detecting surreptitious redirection of computer network packets, the method comprising:
monitoring, by a computing device, IP packets transmitted over a computer network;
 within a session between a source computer and a destination computer, comparing a packet transmission time or a round trip time of one or more of the IP packets between a source IP address assigned to the source computer and a destination IP address assigned to the destination computer on the computer network to a historical record of one or more 
based upon a discrepancy identified between the packet transmission time or the round trip time and the historical record of the one or more packet transmission times or round trip times, determining that a surreptitious redirection of IP network packet traffic has occurred on the computer network.

Reason for Allowance
8.	Claims 1, 8 and 20 of the present invention are directed towards a session between a source computer and a destination computer.  Independent claims 1, 8 and 20 each identify the following uniquely distinct combination of features:
monitoring, by a computing device, IP packets transmitted or received over a computer network
within a session between a source computer and a destination computer, comparing a packet transmission time or a round trip time of one or more of the IP packets between a source IP address assigned to the source computer and a destination IP address assigned to the destination computer on the computer network to a historical record of one or more packet transmission times or round trip times between the source IP address and the destination IP address on the computer network
based upon a discrepancy identified between the packet transmission time or the round trip time and the historical record of the one or more packet 

9.	Regarding allowed claims 1, 8 and 20 presented above, the following is an examiner’s statement of reasons for allowance.  The following are the closest prior art:

Mavani (US Pub 20180212989) [0007] [0008] [0032] teach “monitoring, by a computing device, IP packets transmitted or received over a computer network” limitation.

Fukuyama et al. (US Pub 20100008249) [0008] teach “within a session between a source and destination computer” feature.

Singh et al. (US Pub 20170195209) [0003] teach “within a session between a source and destination computer” feature.

 Gupta et al. (US Pub 20160134723) [0007] teach part of “compare [] a round trip time of one or more of the IP packets [] to a historical record of [] round trip times [] on the computer network” limitation.



Leitner (US Pub 20180343182) [0013] states “the time passed between the first node sending out ‘SYN’ and receiving the ‘SYN, ACK’ is commonly referred to as round-trip time (RTT).”
	
According to Wikipedia, “URL redirection, also called URL forwarding, is a World Wide Web technique for making a web page available under more than one URL address.  When a web browser attempts to open a URL that has been redirected, a page with a different URL is opened.  Similarly, domain redirection or domain forwarding is when all pages in a URL domain are redirected to a different domain.” 

According to MDN Web Docs, “URL redirection, also known as URL forwarding, is a technique to give more than one HRL address to a page, a form, or a whole Web site/application.  HTTP has a special kind of response, called a HTTP redirect, for this operation.”  “In HTTP, redirection is triggered by a server sending a special redirect response to a request.  Redirect responses have status codes that start with  3 , and a Location header holding the URL to redirect to.”  “When browsers receive a redirect, they immediately load the new URL provided in the Location header.  Besides 

According to TechTarget, “round-trip time (RTT), also called round-trip delay, is the time required for a signal pulse or packet to travel from a specific source to a specific destination and back again.  In this context, the source is the computer initiating the signal and the destination is a remote computer or system that receives the signal and retransmits it.”  “In a network, particularly a WAN (wide-area network) or the Internet, RTT is one of several factors affecting latency, which is the time between a request for data and the complete return or display of that data.” 

According to StormIT, “network round-trip time tends to have a great impact on your end-user experience in interactive applications, such as web browsing.  Network administrators can use it to diagnose the speed and reliability of the network connection and many web applications disconnect if RTT is too high.”  “The best way to calculate RTT is to understand that when a user loads a web page in a browser, they must first send out a request to load the page.  This requires at least one RTT to get the response to the user.”  “RTT is a complex metric that has several components.  It includes propagation delay, processing delay, queuing delay, and encoding delay.  The propagation delay is usually the dominant 

10.	In summary, nowhere do the prior art disclose the unique combination of steps/elements listed above.  The unique combination of steps/elements listed above are a novel combination.  The definitions, presented above, provide explanation/clarification to some critical features (e.g., redirection, Round Trip Time (RTT) ).  The prior art, either singularly or in combination fails to anticipate or render obvious the present invention.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

11.	 Any inquiry concerning this communication or earlier communications from the examiner should be directed to O. Charlie Vostal whose telephone number is 571-270-3992.  The examiner can normally be reached on 8:30am to 5:00pm EST Monday thru Friday.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Thu Nguyen can be reached on 571-272-6967.  The fax phone 

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the Public PAIR system, see http://portal.uspto.gov/pair/PublicPair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



	/ONDREJ C VOSTAL/           Primary Examiner, Art Unit 2452                                                                                                                                                                                             
	September 8, 2021