Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This action is responsive to communications regarding the applicant’s amendments and arguments, filed on 10/12/2021.
Claims 1-26 are pending.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 10/12/2021 has been entered.
 
Notice of Pre-AIA  or AIA  Status
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Response to Arguments and Amendments
Applicant's arguments filed on 10/12/2021 have been fully considered but they are not persuasive for the following reasons:
Applicant’s main argument is that combination of Zhao, Duca, Be’ery and/or Nadig does not teach one or more query-related rate-limiting parameters based at least in part on one or more query-
Examiner respectfully disagrees with the above argument. 
In response to Applicant’s above argument, it is noted that Be’ery teaches one or more query-related rate-limiting parameters based at least in part on one or more query-related structural features including levels of nesting or interrelationships, or a combination thereof, among at least content types and/or structures, at least in par. 0028 as follow: “Attribute identifiers 102 may also identify portions of application layer data carried by packets, such as an HTTP request message, an HTTP response message, a SQL query, etc. Each of the rules 150 may include one or more attribute IDs 102, and for each of the attribute IDs 102, a set of one or more attribute values 104. In some systems, each rule may also include detection logic 101 describing how the attribute identifiers 102 and attribute values 104 are to be used. For example, in some systems the detection logic 101 defines logic statements to define the relations within a pair of attribute IDs 102 and associated sets of attribute values 104 (e.g., only one of the values 104 must be found, all of the values 104 must be found, or none of the values 104 must be found), and/or to define the relations between different pairs of attribute IDs 102 and associated attribute values 104 (e.g., a first ID-value pair must be true AND a second ID-value pair must be true, a first ID-value pair must be true OR a second ID-value pair must be true). In some systems, the detection logic 101 instead defines how to find the portions of the traffic identified by the attribute identifiers 102. However, in some systems, the detection logic 101 and attributes 107 (including attribute identifiers 102 and associated attribute values 104) are combined into fewer fields.” Specifically, since SQL query comprising attributes that can be identified by relations, Be’ery clearly teach the claimed feature interrelationship.
.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-9, 11-18, 20-24, and 26 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Application Publication No. 20160381048 to Zhao et al. (hereinafter “Zhao”), U.S. Patent Application Publication No. 20180020002 to Duca et al. (hereinafter “Duca”), and further in view of U.S. Patent Application Publication No. 20140317738 to Be’ery et al. (hereinafter “Be’ery”).
As to claim 1, Zhao teaches a method of managing an endpoint, the endpoint capable of handling one or more queries formulated in a particular query language, the method comprising (computer implemented method in a system comprising processor, wherein the processor executes instructions stored in non-transitory computer readable storage medium, par. 0006, 0048-0056):

filtering at a proxy one or more queries designated to be handled by the endpoint based at least in part on the one or more control plane-determined query-related rate-limiting parameters (Fig. 1B, 5A, 5B, par. 0024, 0031-0033, 0044, filter requests based on Pattern Discovery Module 160), wherein the control plane, the proxy, and the endpoint comprise separate logical entities (Fig. 1B, 5A, 5B, par. 0024, separate logical entities such as Pattern Discovery Module 160, Filter 165 and Servers 110); and 
permitting the endpoint to handle any remaining queries after filtering at the proxy (Fig. 1B, 5A, 5B, par. 0024, 0031-0033, 0044, filtering and permitting requests based on Pattern Discovery Module 160, wherein permitted requests are processed at Servers 110).
However, Zhao does not explicitly teach wherein the control plane, the proxy and the endpoint comprise separate network addressable devices as claimed.
Duca teaches wherein the control plane, the proxy and the endpoint comprise separate network addressable devices (Fig. 1, par. 0086-88, 0101, 0121; control plane:  “client application 123” on client devices or blackbox devices such as a firewall, router, bridge, and the like that is installed or otherwise resides on a network server (company sever for example) serving the users 105; proxy: proxy servers 125; endpoint: application servers 135 of the destination website 130; separate network addressable devices using IP addresses)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Zhao with the teaching of Duca because they are in the same field of endeavor. One of ordinary skill in the art at the time of the invention would have been motivated to do so because the teaching of Duca would allow Zhao to “,,,to filter internet 
However, the combination of Zhao and Duca does not explicitly teach including levels of nesting or interrelationships, or a combination thereof, among at least content types and/or structures as claimed.
Be’ery teaches including levels of nesting or interrelationships, or a combination thereof, among at least content types and/or structures (par. 0028, relations attributes of SQL query/HTTP request/HTTP response.)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of combination of Zhao and Duca with the teaching of Be’ery because they are in the same field of endeavor. One of ordinary skill in the art at the time of the invention would have been motivated to do so because the teaching of Be’ery would allow combination of Zhao and Duca to “allow for the automatic detection of continuously-changing attack variants and other "zero-day" attacks and the automatic creation of new security rules to prevent their continued use, and nearly eliminate the existence of a "vulnerability window" wherein applications and networks are vulnerable to new attacks during the portion of time between the first use of the new attack and the ultimate implementation of protections against the attack” (Be’ery, par. 0033)
As to claim 2, the rejection of claim 1 is hereby incorporated by reference, the combination of Zhao, Duca and Be’ery teaches the method of claim 1, wherein the filtering at the proxy the  one or more queries designated to be handled by the endpoint comprises filtering at the proxy one or more queries designated to be handled by the endpoint substantially in accordance with the one or more control plane-determined query-related rate-limiting parameters  (Fig. 1B, 5A, 5B, par. 0024, 0031-0033, 
As to claim 3, the rejection of claim 1 is hereby incorporated by reference, the combination of Zhao, Duca and Be’ery teaches the method of claim 1,  wherein the dynamically determining, at the control plane, the one or more query-related rate-limiting parameters based at least in part on the one or more query-related structural features further includes dynamically determining, at the control plane (Fig. 1B, 5A, 5B, par. 0032-0034, 0043, 0044, dynamically determining requests at Pattern Discovery Module 160, including query related to rate of requests or rate of processing servers 110), the one or more query-related rate-limiting parameters based at least in part on one or more measurements of query-related resource consumption at the endpoint (par. 0032, 0043, i.e. “The pattern discovery module 160 can examine all the available HTTP header fields in those requests such as the request URL in a request line, User-Agent field, Referer Field, etc. For example, during an attack, the requests from the botnets can target some computationally intensive components of a server 110 and query them repeatedly; sometimes the requests can rotate their User-Agent field from a list of preconfigured user agents; and other times the requests show the same referrer in the Referer Field. All of these can become attack patterns and be discovered by the pattern discovery module 160”).
As to claim 4, the rejection of claim 1 is hereby incorporated by reference, the combination of Zhao, Duca and Be’ery teaches the method of claim 1,  , wherein the dynamically determining at the control plane comprises dynamically determining the one or more query-related rate-limiting parameters based at least in part on one or more measurements of query-related resource consumption at the endpoint (par. 0032, 0043, i.e. “The pattern discovery module 160 can examine all the available HTTP header fields in those requests such as the request URL in a request line, User-Agent field, Referer Field, etc. For example, during an attack, the requests from the botnets can target some 
As to claim 5, the rejection of claim 1 is hereby incorporated by reference, the combination of Zhao, Duca and Be’ery teaches the method of claim 1, wherein the any remaining queries comprises at least one query, and further comprising, after the filtering, delaying at the proxy the at least one remaining query to be handled at the endpoint so that processing thereof at the endpoint is delayed (Fig. 1B, 5A, 5B, par. par. 0032, 0034, 0036, 0043-0045, delaying query to be handled at the endpoint using Request Queue 175.)
As to claim 6, the rejection of claim 1 is hereby incorporated by reference, the combination of Zhao, Duca and Be’ery teaches the method of claim 1, wherein the dynamically determining, at a control plane, the one or more query-related rate-limiting parameters based at least in part on the one or more query-related structural features further includes dynamically determining, at the control plane, the one or more query-related rate-limiting parameters based, at least in part, on one or more measurements of query-related performance (par. 0032, 0034, 0036, 0043-0045, i.e. “If there are requests queued, the DoS mitigation service 120 can determine if the latency (or queueing delays) in processing the requests is above a limit. If the latency is not above the limit, the DoS mitigation service 120 can proceed to 526. If latency is above the limit, the DoS mitigation service 120 can proceed to 523 and optionally alter one or more limits. For example, The DoS mitigation service 120 can monitor the server 110 latency, can estimate how many requests can be handled by the server 110 in a time period (e.g., a second) based on the latency, and can count the number of requests queued to be sent to the server 110. If the queued requests will take the server 110 more than a predetermined time period (e.g., three seconds) to handle, this means that there are too many requests for the server to handle and potentially the server 
As to claim 7, the rejection of claim 6 is hereby incorporated by reference, the combination of Zhao, Duca and Be’ery teaches the method of claim 6, wherein the dynamically determining, at the control plane, the one or more query-related rate-limiting parameters based at least in part on the one or more measurements of query-related performance comprises dynamically determining, at the control plane, the one or more query-related rate-limiting parameters based at least in part on one or more measurements of query-related latency (par. 0032, 0034, 0036, 0043-0045, i.e. “If there are requests queued, the DoS mitigation service 120 can determine if the latency (or queueing delays) in processing the requests is above a limit. If the latency is not above the limit, the DoS mitigation service 120 can proceed to 526. If latency is above the limit, the DoS mitigation service 120 can proceed to 523 and optionally alter one or more limits. For example, The DoS mitigation service 120 can monitor the server 110 latency, can estimate how many requests can be handled by the server 110 in a time period (e.g., a second) based on the latency, and can count the number of requests queued to be sent to the server 110. If the queued requests will take the server 110 more than a predetermined time period (e.g., three seconds) to handle, this means that there are too many requests for the server to handle and potentially the server 110 is under attack. The DoS mitigation service 120 can automatically adjust the first and second thresholds used in the filter module 165, the first threshold to drop additional requests from a client and the second threshold to blacklist a client. The DoS mitigation service 120 can monitor the number of requests queued to the server 110. If more and more requests are queued, the two 
As to claim 8, the rejection of claim 1 is hereby incorporated by reference, the combination of Zhao, Duca and Be’ery teaches the method of claim 1, wherein the dynamically determining, at the control plane, the one or more query-related rate-limiting parameters based at least in part on the one or more query-related structural features further includes dynamically determining, at the control plane, the one or more query-related rate-limiting parameters based at least in part on one or more query-related statistical measurements generated at the proxy (par. 0032, 0034, 0036, 0043-0045, i.e. “In 526, if the request matches the current discovered attack pattern, the filter 165 can increase the client matching request counter (CMRC) by 1. In 528, the filter 165 can also blacklist the client 105 if the CMRC is greater than the blacklist limit. In 530, if the CMRC is greater than the filter limit, the filter 165 can filter the request, i.e., prevent the request from being transmitted to the server 110”).
As to claim 9, combination of Zhao, Duca and Be’ery teaches the method of claim 8. Be’ery further teaches wherein the dynamically determining, at the control plane, the one or more query-related rate-limiting parameters based at least in part on the one or more query-related statistical measurements generated at the proxy comprises dynamically determining, at the control plane, the one or more query-related rate-limiting parameters based at least in part on the one or more query-related statistical measurements generated at the proxy substantially in real-time (Fig. 4-8, par. 0100-0106, i.e. “The depicted filtering phase 444 includes three sub-blocks. The first, block 744, includes updating a table maintained to include 1) the different User-Agent strings in recently reported alert packages, 2) a report count indicating how many times each User-Agent string was reported in the recently reported alert packages, and 3) a source count indicating how many different source IP addresses were included in the sets of packets carrying web application layer messages using each User-Agent string. Similar to FIG. 6, the determination of what is "recently reported" is left to configuration. Using this table, the 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of combination of Zhao and Duca with the teaching of Be’ery because they are in the same field of endeavor. One of ordinary skill in the art at the time of the invention would have been motivated to do so because the teaching of Be’ery would allow combination of Zhao and Duca to “allow for the automatic detection of continuously-changing attack variants and other "zero-day" attacks and the automatic creation of new security rules to prevent their continued use, and nearly eliminate the existence of a "vulnerability window" wherein applications and networks are vulnerable to new attacks during the portion of time between the first use of the new attack and the ultimate implementation of protections against the attack” (Be’ery, par. 0033)
As to claim 11, the rejection of claim 1 is hereby incorporated by reference, the combination of Zhao, Duca and Be’ery teaches the method of claim 1, wherein the filtering at the proxy the  one or more queries designated to be handled by the endpoint comprises filtering at more than one proxy one or more queries to be handled by the endpoint (Fig. 1A, 1B, 5A, 5B, par. 0014-0016, 0024, 0031-0033, 0044, filter requests based on Pattern Discovery Module 160).
 As to claim 12, the rejection of claim 1 is hereby incorporated by reference, the combination of Zhao, Duca and Be’ery teaches the method of claim 1, wherein the endpoint comprises more than one origin server (Fig. 1A, par. 0014-0016).

As to claim 20, the rejection of claim 13 is hereby incorporated by reference, the combination of Zhao, Duca and Be’ery teaches the method of claim 13, wherein the proxy to comprise more than one proxy (Duca, Fig. 1, par. 0086-0088, proxy servers 125.)
Regarding claim 26, is essentially the same as claim 20, except that it sets forth the claimed invention as an article rather than an apparatus and rejected for the same reasons as applied hereinabove. 
Regarding claim 17, 22, 23, 24, is essentially the same as claim 1, 3, 6, 9, respectively, except that it sets forth the claimed invention as an article rather than an apparatus and rejected for the same reasons as applied hereinabove. 
Claims 10, 19 and 25 are is/are rejected under 35 U.S.C. 103 as being unpatentable over Zhao, Duca, Be’ery, and further in view of U.S. Patent Application Publication No. 20180121026 to Nadig et al. (hereinafter “Nadig”).
As to claim 10, combination of Zhao, Duca and Be’ery teaches the method of 1. The combination of Zhao, Duca and Be’ery does not explicitly teach wherein the particular query language comprises GraphQL as claimed.
Nadig teaches wherein the particular query language comprises GraphQL (par. 0049, GraphQL)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of combination of Zhao, Duca and Be’ery with the teaching of Nadig because they are in the same field of endeavor. One of ordinary skill in the art at the time of the invention would have been motivated to do so because the teaching of Nadig would allow combination of Zhao, Duca and Be’ery to “provide techniques for rendering user-interface 
Regarding claim 19, is essentially the same as claim 10, except that it sets forth the claimed invention as an apparatus rather than a method and rejected for the same reasons as applied hereinabove. 
Regarding claim 25, is essentially the same as claim 10, except that it sets forth the claimed invention as an article rather than an apparatus and rejected for the same reasons as applied hereinabove. 
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANHTAI V TRAN whose telephone number is (571)270-5129.  The examiner can normally be reached on Monday through Thursday from 8:00 AM to 4:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Fred Ehichioya can be reached on (571)272-4034.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ANHTAI V TRAN/Primary Examiner, Art Unit 2168