DETAILED ACTION
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 12/2/2021 has been entered.
	- Claims 1-3, 5-6, 8-13, 15-16, 18-23, 25-26, and 28-30 are allowed.
	- Claims 4, 7, 14, 17, 24 and 27 are cancelled.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Allowable Subject Matter
 	The following is an Examiner's statement of reasons for allowance:
- Following a telephonic interview held on 12/9/2021, Applicant’s representative Mr. Abhijit Adisesh authorized the Examiner’s amendment presented below in order to place the application in condition for allowance (see attached interview summary).
- The requested terminal disclaimers were filed and approved on 12/10/2021.
- In view of the claim amendments, Applicant’s arguments were found to be persuasive. The closest identified prior art of record including Smith, Agarwal and Huici, alone or in combination, do not teach or suggest all the features of independent claim 1, as each of the servers is assigned the same IP address using anycasting” and therefore does not teach each of the servers is assigned a dedicated IP address.
- In view of the above, independent claim 1 is deemed allowable. Claims 11 and 21 recite features similar to those recited in claim 31 and are therefore allowable for similar reasons. Claims 2-3, 5-6, 8-10, 12-13, 15-16, 18-20, 22-23, 25-26 and 28-30 depend on one of claims 1, 11 and 21 and are therefore allowable by virtue of their dependency.
 	Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance”.

Examiner’s Amendment
 	The Examiner’s amendment presented below was authorized by Mr. Abhijit Adisesh following a telephonic interview held on 12/9/2021.
Please amend the claims as follows:

(Currently amended) A method of providing infrastructure protection for a server of a network organization comprising a plurality of servers, the method comprising:
announcing as an internet protocol (IP) address associated with the server, a public IP address allocated to the server by a scrubbing center network that maintains a plurality of public IP addresses, the public IP address serving as a first anycast address for the scrubbing center network and dedicated to the server, wherein the public IP address is announced using a border gateway protocol (BGP) on an edge router of the scrubbing center network, and wherein each of the plurality of public IP addresses is dedicated to a respective server of the plurality of servers;

determining, by the scrubbing center, whether the incoming network packet is legitimate; and
responsive to determining that the incoming network packet is legitimate:
modifying a header of the incoming network packet to indicate a spoofed IP address as a source IP address of the network packet the spoofed IP address dedicated to the server; and
 routing, by a processor, the incoming network packet to the server at a private IP address, wherein the spoofed IP address serves as a second anycast address for the scrubbing center network.

2.	(Previously presented) The method of claim 1, wherein a mapping of the public IP address to the private IP address is maintained between the scrubbing center network and the server.

3.	(Previously presented) The method of claim 2, further comprising:
receiving an encapsulated outgoing network packet from the server, wherein the encapsulated outgoing network packet is an outgoing network packet which has been encapsulated by the server with header information comprising the spoofed IP address as a destination address;
decapsulating the outgoing network packet to generate a decapuslated outgoing network packet by removing the encapsulation added by the server that includes the header information; and
transmitting the decapsulated outgoing network packet to the end user.

4.	(Canceled)

5.	(Original) The method of claim 3, wherein the decapsulating is performed by the processor at a scrubbing center nearest the server.

6.	(Previously presented) The method of claim 3, wherein the received encapsulated outgoing network packet is received at a network organization and routed external to the server. 

7.	(Canceled) 

8.	(Previously presented) The method of claim 1, wherein the IP address is announced by a scrubbing center of the scrubbing center network that is nearest to an end user.

9.	(Original) The method of claim 8, wherein the scrubbing center nearest the end user comprises one selected from the group consisting of geographically closest, lowest cost, healthiest, with the least congested route, and another distance measure.

10.	(Original) The method of claim 1, wherein the routing is executed using generic routing encapsulation.

11.	(Currently amended) An apparatus, comprising:
a memory to store an incoming network packet directed to a server of a network organization comprising a plurality of servers; and
a processor, operatively coupled to the memory, to:
announce as an internet protocol (IP) address associated with the server, a public IP address allocated to the server by a scrubbing center network that maintains a plurality of IP addresses, the public IP address serving as a first anycast address for the scrubbing center network and dedicated to the server, wherein the public IP address is announced using a border gateway protocol (BGP) on an edge router of the scrubbing center network, and wherein each of the plurality of public IP addresses is dedicated to a respective server of the plurality of servers;
receive, at a scrubbing center of the scrubbing center network, the incoming network packet intended for the server of the network organization identified using the public IP address 
determine, by the scrubbing center, whether the incoming network packet is legitimate; and
responsive to determining that the incoming network packet is legitimate:
modifying a header of the incoming network packet to indicate a spoofed IP address as a source IP address of the network packet the spoofed IP address dedicated to the server; and
 route the incoming network packet to the server at a private IP address, wherein the spoofed IP address serves as a second anycast address for the scrubbing center network.

12.	(Previously presented) The apparatus of claim 11, wherein a mapping of the public IP address to the private IP address is maintained between the scrubbing center network and the server.

13.	(Previously presented) The apparatus of claim 12, the processor further to:
receive an encapsulated outgoing network packet from the server, wherein the encapsulated outgoing network packet is an outgoing network packet which has been encapsulated by the server with header information comprising the spoofed IP address as a destination address;
decapsulate the outgoing network packet to generate a decapuslated outgoing network packet by removing the encapsulation added by the server that includes the header information; and
transmit the decapsulated outgoing network packet to the end user.

14.	(Canceled)

15.	(Original) The apparatus of claim 13, wherein the decapsulating is performed by the processor at a scrubbing center nearest the server.

16.	(Previously presented) The apparatus of claim 13, the processor further to receive the encapsulated outgoing network packet at a network organization and route the encapsulate outgoing network packet external to the server. 

17.	(Canceled) 

18.	(Previously presented) The apparatus of claim 11, wherein the IP address is announced by a scrubbing center of the scrubbing center network that is nearest to an end user.

19.	(Original) The apparatus of claim 18, wherein the scrubbing center nearest the end user comprises one selected from the group consisting of geographically closest, lowest cost, healthiest, with the least congested route, and another distance measure.

20.	(Original) The apparatus of claim 11, wherein the processor is further to route the incoming network packet using generic routing encapsulation.

21.	(Currently amended) A non-transitory computer readable storage medium having instructions encoded thereon that, when executed by a processor, cause the processor to:
announce as an internet protocol (IP) address associated with the server, a public IP address allocated to the server by a scrubbing center network that maintains a plurality of IP addresses, the public IP address serving as a first anycast address for the scrubbing center network and dedicated to the server, wherein the public IP address is announced using a border gateway protocol (BGP) on an edge router of the scrubbing center network, and wherein the server is one of a plurality of servers in a network organization and each of the plurality of public IP addresses is dedicated to a respective server of the plurality of servers;
receive, at a scrubbing center of the scrubbing center network, an incoming network packet intended for the server of the network organization identified using the public IP address 
determine, by the scrubbing center, whether the incoming network packet is legitimate; and
responsive to determining that the incoming network packet is legitimate:
modifying a header of the incoming network packet to indicate a spoofed IP address as a source IP address of the network packet the spoofed IP address dedicated to the server; and
route, by the processor, the incoming network packet to the server at a private IP address, wherein the spoofed IP address serves as a second anycast address for the scrubbing center network.

22.	(Previously presented) The non-transitory computer readable storage medium of claim 21, wherein a mapping of the public IP address to the private IP address is maintained between the scrubbing center network and the server.

23.	(Previously presented) The non-transitory computer readable storage medium of claim 22, the processor further to:
receive an encapsulated outgoing network packet from the server, wherein the encapsulated outgoing network packet is an outgoing network packet which has been encapsulated by the server with header information comprising the spoofed IP address as a destination address;
decapsulate the outgoing network packet to generate a decapuslated outgoing network packet by removing the encapsulation added by the server that includes the header information; and
transmit the decapsulated outgoing network packet to the end user.

24.	(Canceled)

25.	(Original) The non-transitory computer readable storage medium of claim 23, wherein the decapsulating is performed by the processor at a scrubbing center nearest the server.

26.	(Previously presented) The non-transitory computer readable storage medium of claim 23, the processor further to receive the encapsulated outgoing network packet at a network organization and route the encapsulate outgoing network packet external to the server. 

27.	(Canceled) 

28.	(Previously presented) The non-transitory computer readable storage medium of claim 21, wherein the IP address is announced by a scrubbing center of the scrubbing center network that is nearest to an end user.

29.	(Original) The non-transitory computer readable storage medium of claim 28, wherein the scrubbing center nearest the end user comprises one selected from the group consisting of geographically closest, lowest cost, healthiest, with the least congested route, and another distance measure.

30.	(Original) The non-transitory computer readable storage medium of claim 21, wherein the processor is further to route the incoming network packet using generic routing encapsulation.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NOURA ZOUBAIR whose telephone number is (571)270-7285.  The examiner can normally be reached on Monday - Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on 571-272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434