Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. Claims 1-19 are presented for examination.
Information Disclosure Statement
The information disclosure statements (IDS) were submitted on 8/27/2018, 8/27/2019, 11/23/2020 and 02/27/2021. The submissions are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claims 1, 9 and 11 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Salmi et al. (US Pub. 20050198382 A1).
Referring to claim 1, Salmi teaches a method of detecting routing hijacks on the Internet (paragraph [0072], earlier detection of some class of "abnormal" events = hijacks), the method comprising: 
collecting a plurality of Border Gateway Protocol (BGP) updates from a plurality of BGP routers among a plurality of Autonomous Systems (ASes) on the Internet (the statements in the policy have a profound effect on routers (see claim 9; paragraphs [054], [074], [107], plurality of BGP routers within network ~ Internet, that is applied to a route received (collecting) from the client protocol, as part of a BGP route-update message in which determination is made in peer routing systems, i.e. plurality of ASes, such as any routes that are expected from autonomous 
identifying at least one new origin based on the plurality of BGP updates (see paragraphs [054], [073] where event triggers are used to identify and track protocol specific events (new origin) in which the routing policy is applied to a route received from the client protocol, as part of a BGP route-update message);
forming a plurality of prefixes with the at least one new origin from among the prefixes included in the plurality of BGP updates (see paragraphs [007], [054], [073], generating routing policy comprises decoupling data items from actions associated with the data items which include prefixes in which event triggers are used to identify and track protocol specific events (new origin) and in which the routing policy is applied to a route received from the client protocol, as part of a BGP route-update message);
removing at least one RFC1918 prefix from the plurality of prefixes (see paragraphs [007], [072] generating routing policy comprises decoupling data items from actions associated with the data items which include prefixes in which policy with filtering ~removing of RFC-1918 address space is put into place); and
reporting at least one prefix of the remaining prefixes in the plurality of prefixes as a potential routing hijack (see paragraph [072], generating routing policy comprises decoupling data items from actions associated with the data items which include prefixes in which policy execution allows for earlier detection (potential) of some class of "abnormal" events (routing hijack) that are triggered to create (reporting) events). 
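The steps recited in claim 1 above (collect BGP updates, identify new origins, form the prefix set, remove RFC1918 prefixes, report the remainder) can be sketched as follows. This is an added example, not code from the application, from Salmi or from Ogielski; the record layout, the baseline table, the function names and the sample data (documentation prefixes and ASNs) are constructed assumptions, and a "new origin" is assumed to mean a (prefix, origin) pair absent from the baseline.

```python
import ipaddress
from collections import defaultdict

# RFC 1918 private IPv4 blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed baseline: origins already seen for each prefix (assumption).
BASELINE = {
    "192.0.2.0/24": {64496},
    "198.51.100.0/24": {64497},
}

# Constructed BGP updates as (collecting peer, prefix, AS path) records.
UPDATES = [
    {"peer": 64510, "prefix": "192.0.2.0/24", "as_path": [64510, 64496]},
    {"peer": 64510, "prefix": "198.51.100.0/24", "as_path": [64510, 64499]},
    {"peer": 64511, "prefix": "198.51.100.0/24",
     "as_path": [64511, 64502, 64499]},
    {"peer": 64511, "prefix": "10.1.0.0/16", "as_path": [64511, 64500]},
    {"peer": 64510, "prefix": "203.0.113.0/24", "as_path": [64510, 64501]},
]


def is_rfc1918(prefix):
    """True if the prefix lies entirely inside an RFC 1918 block."""
    net = ipaddress.ip_network(prefix, strict=False)
    # Check the version first: subnet_of() raises on an IPv4/IPv6 mismatch.
    return net.version == 4 and any(net.subnet_of(b) for b in RFC1918)


def find_new_origins(baseline, updates):
    """Map each unseen (prefix, origin) pair to the peers that reported it."""
    new = defaultdict(set)
    for upd in updates:
        if not upd["as_path"]:
            continue  # no path, so no origin to evaluate
        prefix = str(ipaddress.ip_network(upd["prefix"], strict=False))
        origin = upd["as_path"][-1]  # the origin AS is the last hop
        if origin not in baseline.get(prefix, set()):
            new[(prefix, origin)].add(upd["peer"])
    return new


def report_potential_hijacks(baseline, updates):
    """Drop RFC 1918 prefixes from the new-origin set and report the rest."""
    new = find_new_origins(baseline, updates)
    remaining = [key for key in new if not is_rfc1918(key[0])]
    return [{"prefix": p, "origin": o, "peers": sorted(new[(p, o)])}
            for p, o in sorted(remaining)]


if __name__ == "__main__":
    for finding in report_potential_hijacks(BASELINE, UPDATES):
        print(finding)
```

The RFC1918 test uses network containment rather than string matching, so a prefix such as 172.32.0.0/16, which sits just outside 172.16.0.0/12, is not filtered.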
Referring to claim 9, Salmi teaches the method of claim 1, further comprising: detecting if the at least one new origin is a spoofed origin (see para [073], event triggers are used to identify or detect specific events such as a misbehaving peer (spoofed origin))
Referring to claim 11, Salmi teaches the method of claim 1, wherein reporting the at least one prefix includes detecting at least one of an AS path corruption, a routing anomaly . 
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claims 12-14 and 16-19 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Ogielski et al. (US Pub. 0150333983).
Referring to claim 12, Ogielski teaches a method of detecting routing hijacks on the Internet, the method comprising:
collecting a plurality of Border Gateway Protocol (BGP) updates from a plurality of BGP routers among a plurality of Autonomous Systems (ASs) on the Internet (see paragraphs [014], [017], routing alarms are based on network prefixes and Autonomous Systems on the network in which routing message data which are Border Gateway Protocol message data are collected from a plurality  of routers on the network), each BGP update in the plurality of BGP updates including at least one prefix (see paragraph [023] where prefixes are identified in BGP update messages);
identifying a plurality of prefixes with at least one new origin from among the prefixes included in the plurality of BGP updates (see paragraphs [023], [027], traffic is originated (new origin) from prefixes which are identified in BGP update messages (plurality of messages));
identifying at least one new AS number (ASN) based on the BGP updates (see paragraphs [022], [053], [060], Autonomous systems are detected in which AS routers send BGP UPDATE message data to their neighbor routers to announce their best routes to certain networks in which databases is queried using AS number);
determining if a registration of the at least one new ASN is equivalent to an associated prefix in the plurality of prefixes (see paragraphs [022], [111], Autonomous Systems corresponding (equivalent) to prefixes associated with the network data of the features are identified (determining) in which feature vector includes organization that is registered);
upon determination that the registration is equivalent, removing the associated prefix from the plurality of prefixes (see paragraphs [074], [0081], [0111], a list is edited by deleting (removing) prefixes in which a feature vector is created for each network prefix that includes a registered organization which is analyzed for network instability); and
reporting at least one prefix of the remaining prefixes in the plurality of prefixes as a potential routing hijack (see paragraphs [012], [076], [0081],  routing problems (routing hijack) are detected (potential) and reports are provided that are based on prefixes which are edited in the list); 
Referring to claim 13, Ogielski teaches the method of claim 12, further comprising: removing a private ASN from the beginning of at least one AS path in the plurality of BGP updates (see paragraphs [017], [053], [111], an identified routing alarm is removed based on network prefixes in which a feature vector is created for each network prefix that includes a registered organization (private ASN) and in which an ASPATH attribute lists a sequence of traversed ASes back to the AS originating the prefix in which an event impacting global routing begins with one or more routers originating a certain number of UPDATE messages (plurality of BGP updates)).
Referring to claim 14, Ogielski teaches the method of claim 13, further comprising: upon removing the private ASN (see paragraphs [017], [060], [111]), analyzing the at least one AS path for a routing hijack (see paragraphs [0012], [0071], routing problems (hijack) are detected (analyzing) in which whether the connections represent an announced path or a withdrawn AS path is determined).
Referring to claim 16, Ogielski teaches the method of claim 12, further comprising: detecting if the at least one new ASN is a spoofed ASN (see paragraphs [017], [018], [060], queries are performed using AS numbers (new ASN) and alarms are provided and/or set to detect selected routing problems (spoofed ASN) in which Autonomous Systems are identified (detecting)).
Referring to claim 17, Ogielski teaches the method of claim 16, further comprising:
analyzing an initial AS path fragment included in a BGP announcement (see paragraphs [0068], [0071], [111], a route to the prefix is originated by the autonomous system network service providers in which the BGP data messages are analyzed and connections are distinguished (analyzing) as announced path or withdrawn path (AS path fragment));
detecting an anomaly in a downstream transit cone based on the analysis (see paragraphs [068], [075], downstream neighbors are those that appear farther (transit cone) to collection routers 108 in the AS PATH attributes of the BGP messages in which BGP update data is analyzed for routing activity such as route outages (anomaly)); and
determining a traceroute latency for the anomaly (see paragraphs [0068], [0085], routing activity such as route outages (anomaly) in which advertised prefix with longer (latency) AS path (traceroute) is determined).
Referring to claim 18, Ogielski teaches the method of claim 12, wherein reporting the at least one prefix includes detecting at least one of an AS path corruption, a routing anomaly caused by human error, a leak, or a hidden BGP relationship (see paragraph [111], reports on the state and stability of global network BGP routing are provided in which the autonomous system network service providers originate a route to the prefix in which the network instability is due to impairment (AS path corruption) to a common underlying physical path associated with the prefixes or common router in the path to/from the prefixes).
Referring to claim 19, Ogielski teaches the method of claim 12, further comprising: determining if a geolocation of the at least one new ASN is different from that of the associated prefix (see table 1; paragraphs [030], [060]), feature vector includes a geolocation of the prefix in which alarm is triggered (determining) when a condition occurs such as Prefix P was advertised as originated by an unauthorized AS in which data is queried by AS numbers (new ASN).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 2-8 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Salmi in view of Ogielski.
Referring to claim 2, Salmi teaches the method of claim 1, but fails to disclose removing at least one Multi-Originated AS (MOAS) prefix in response to the at least one new origin being seen by all peers of the at least one new origin.
However, Ogielski teaches removing at least one Multi-Originated AS (MOAS) prefix in response to the at least one new origin being seen by all peers of the at least one new origin (see paragraphs [070], [081], server detects multiple origin (MOAS) prefixes in which provider map displays origin ASes and the near portion of the routes to the selected prefix that were observed over the selected period of time from peers and in which list of prefixes is edited by deleting (removing) prefixes).
It would have been obvious to one of ordinary skill in the art at the time of the invention to modify the method of Salmi, to include removing at least one Multi-Originated AS (MOAS) prefix in response to the at least one new origin being seen by all peers of the at least one new origin, as taught in Ogielski, for the benefit of performing interactive routing analyses in real time.
Referring to claim 3, Salmi teaches the method of claim 1 but expressly lacks removing at least one prefix from the plurality of prefixes originated by the at least one new origin within a fixed period of time.
However, Ogielski teaches removing at least one prefix from the plurality of prefixes originated by the at least one new origin within a fixed period of time (at the time of prefix alarm configuration, the list of more-specifics and the list of origin ASes is initialized on the basis of the analysis of the BGP UPDATEs received from peers over a preceding time period, such as four weeks (fixed period of time) in which the list is edited by deleting (removing) prefixes; paragraphs [080], [081]). 
It would have been obvious to one of ordinary skill in the art at the time of the invention to modify the method of Salmi, to include removing at least one prefix from the plurality of prefixes originated by the at least one new origin within a fixed period of time, as taught in Ogielski, for the benefit of performing interactive routing analyses in real time.
Referring to claim 4, Salmi teaches the method of claim 3 but expressly lacks wherein the fixed period of time is one month. 
However, Ogielski teaches wherein the fixed period of time is one month (four weeks (one month); paragraph [080]).
It would have been obvious to one of ordinary skill in the art at the time of the invention to modify the method of Salmi, to include wherein the fixed period of time is one month, as taught in Ogielski, for the benefit of performing interactive routing analyses in real time.
Referring to claim 5, Salmi discloses the method of claim 1, but expressly lacks removing at least one prefix from the remaining prefixes in the plurality of prefixes, the at least one prefix associated with the at least one new origin and having a BGP relationship with an origin older than the at least one new origin. 
However, Ogielski teaches removing at least one prefix from the remaining prefixes in the plurality of prefixes (the list is edited by deleting (removing) prefixes; paragraph [0081]), the at least one prefix associated with the at least one new origin and having a BGP relationship with an origin older than the at least one new origin (a listing of network prefixes is originated by the given AS in which a neighbor information is viewed in a tabular format, where rows indicate the most recent appearance of each neighborhood relation in BGP messages; see paragraphs [074], [075]).
It would have been obvious to one of ordinary skill in the art at the time of the invention to modify the method of Salmi, to include removing at least one prefix from the remaining prefixes in the plurality of prefixes, the at least one prefix associated with the at least one new origin and having a BGP relationship with an origin older than the at least one new origin, as taught in Ogielski, for the benefit of performing interactive routing analyses in real time.
Referring to claim 6, Salmi teaches the method of claim 1 but expressly lacks removing at least one prefix from the remaining prefixes in the plurality of prefixes, the at least one prefix associated with a covering prefix originated by the at least one new origin.
However, Ogielski teaches removing at least one prefix from the remaining prefixes in the plurality of prefixes (the list is edited by deleting (removing) prefixes (plurality of prefixes); paragraph [081]), the at least one prefix associated with a covering prefix originated by the at least one new origin (a listing of network prefixes is originated (new origin) by the given AS in which a provider map identifies one or more prefixes covering the selected prefix; paragraphs [070], [074]).
It would have been obvious to one of ordinary skill in the art at the time of the invention to modify the method of Salmi, to include removing at least one prefix from the remaining prefixes in the plurality of prefixes, the at least one prefix associated with a covering prefix originated by the at least one new origin, as taught in Ogielski, for the benefit of performing interactive routing analyses in real time.
Referring to claim 7, Salmi teaches the method of claim 1 but expressly lacks removing at least one prefix announced by the at least one new origin from the remaining prefixes in the plurality of prefixes, the at least one prefix announced for an organization and the at least one new origin previously announcing at least one other prefix for the organization.
However, Ogielski discloses removing at least one prefix announced by the at least one new origin from the remaining prefixes in the plurality of prefixes (a listing of network prefixes is originated (new origin) by the given AS in which the list is edited by deleting (removing) prefixes; paragraphs [0074], [0081]), the at least one prefix announced for an organization and the at least one new origin previously announcing at least one other prefix for the organization (a listing of network prefixes is originated (new origin) by the given AS which are announced, in which certain network prefixes (one other prefix) are associated with a single organization; paragraphs [0064], [0074], [0105]).
It would have been obvious to one of ordinary skill in the art at the time of the invention to modify the method of Salmi, to include wherein removing at least one prefix announced by the at least one new origin from the remaining prefixes in the plurality of prefixes, the at least one prefix announced for an organization and the at least one new origin previously announcing at least one other prefix for the organization, as taught in Ogielski, for the benefit of performing interactive routing analyses in real time.
Referring to claim 8, Salmi teaches the method of claim 1, but expressly lacks comparing registration and country-level geolocation of an AS number and each prefix in the plurality of prefixes.
However, Ogielski teaches comparing registration and country-level geolocation of an AS number and each prefix in the plurality of prefixes (prefixes in a set formed with the feature vectors are correlated (comparing) such that a subset of prefixes having one or more common features is identified that include the geolocation of the network prefix, such as a country, the organization that registered the network prefix, the autonomous system of network service providers that originated a route to the prefix in which queries are by AS numbers; paragraphs [0060], [0111], [0112]).
It would have been obvious to one of ordinary skill in the art at the time of the invention to modify the method of Salmi, to include wherein comparing registration and country-level geolocation of an AS number and each prefix in the plurality of prefixes, as taught in Ogielski, for the benefit of performing interactive routing analyses in real time.
Referring to claim 10, Salmi discloses the method of claim 9 but expressly lacks analyzing an initial AS path fragment included in a BGP announcement; detecting an anomaly in a downstream transit cone based on the analysis; and determining a traceroute latency for the anomaly.
However, Ogielski teaches analyzing an initial AS path fragment included in a BGP announcement (a route to the prefix is originated by the autonomous system network service providers in which the BGP data messages are analyzed and connections are distinguished (analyzing) as announced path or withdrawn path (AS path fragment); paragraphs [0068], [0071], [0111]); detecting an anomaly in a downstream transit cone based on the analysis (downstream neighbors are those that appear farther (transit cone) to collection routers 108 in the AS PATH attributes of the BGP messages in which BGP update data is analyzed for routing activity such as route outages (anomaly); paragraphs [0068], [0075]); and determining a traceroute latency for the anomaly (routing activity such as route outages (anomaly) in which advertised prefix with longer (latency) AS path (traceroute) is determined; paragraphs [0068], [0085]).
It would have been obvious to one of ordinary skill in the art at the time of the invention to modify the method of Salmi, to include wherein analyzing an initial AS path fragment included in a BGP announcement; detecting an anomaly in a downstream transit cone based on the analysis; and determining a traceroute latency for the anomaly, as taught in Ogielski, for the benefit of performing interactive routing analyses in real time.
Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Ogielski in view of Retana, A. et al., hereinafter "Retana" (US Pub. 2012/0331555 A1).
Referring to claim 15, Ogielski teaches the method of claim 12, and Ogielski further discloses removing an ASN from each AS path (paragraphs [017], [060], [112], for each network prefix whose paths are being advertised and/or withdrawn in BGP updates, an instability metric is computed in which queries are made by AS numbers (ASN) and in which an identified routing alarm is removed based on network prefixes that are in the identified subnet and are affected by BGP instability having a path via a particular autonomous system), and Ogielski teaches analyzing the AS path to detect routing hijacks (routing problems (hijack) are detected (analyzing) in which whether the connections represent an announced path or a withdrawn AS path is determined; see paragraphs [012], [071]).
Ogielski fails to disclose single-digit ASN. Retana discloses single-digit ASN (autonomous system have identifier AS1 (single digit); paragraph [007]).
It would have been obvious to one of ordinary skill in the art at the time of the invention to modify the method of Ogielski to include removing a single-digit ASN from each AS path, as taught in Retana, for the benefit of effectively performing a defensive procedure in an autonomous system to avoid cyber-attacks.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The examiner also requests, when responding to this office action, support be shown for language added to any original claims on amendment and any new claims. That is, indicate support for newly added claim language by specifically pointing to page(s) and line no(s) in the specification and/or drawing figure(s). This will assist the examiner in prosecuting the application. Applicant is advised to clearly point out the patentable novelty which he or she thinks the claims present, in view of the state of the art disclosed by the references cited or the objections made. He or she must also show how the amendments avoid such references or objections. See 37 CFR 1.111(c).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AFTAB N. KHAN whose telephone number is (571)270-5172.  The examiner can normally be reached on Monday-Friday 8AM-5PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Glenton Burgess can be reached on 571-272-3949.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/AFTAB N. KHAN/
Primary Examiner, Art Unit 2454