DETAILED ACTION
The claims 1-16 are pending in this application.  This is a non-final office action in response to Application Number 17/315,046 filed on 7 May 2021.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-16 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 1 and 16 recite the limitation "the direct interface" in the fourth limitation of claim 1 and in the fifth limitation of claim 16.  There is insufficient antecedent basis for this limitation in the claims.  For purposes of examination, examiner interprets “the direct interface” as referring to “the private service interface” which is provided by the direct interconnect.  The dependent claims 2-15 do not resolve this antecedent basis issue and are also rejected for the same reasons based on their dependency on claim 1.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 


Claims 1-16 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-11, 14-17, and 20 of U.S. Patent No. 11,005,736. Although the claims at issue are not identical, they are not patentably distinct from each other because of overlapping scope as illustrated in the table below.  

Application 17/315,046
US Patent 11,005,736
(Parent Patent)
Additional explanatory comments
1. A method for determining the traceability of network request traffic over a communications network for reducing strain in traffic processing resources, the method which comprises, 
    by a server:


                            the direct interconnect providing a private service interface between the predefined source and the server configured for receiving the network request traffic addressed from the predefined source, a defined pairings data of the predefined source with the direct interconnect stored in a storage as a network traffic almanac;




provisioning a public service interface on the communications network configured for 





    receiving the network request traffic addressed from the predefined source and from other sources, 

the public service interface separate from the direct interconnect;




receiving a first request traffic addressed from the predefined source via the direct interconnect;





processing the first request traffic by generating a first query response and sending the first query response via at least one of the direct and the public service interface 

receiving a second request traffic having an address of the predefined source via the public service interface;



consulting the defined paring data with the address to determine the second request traffic matches the predefined source; and 
de-prioritizing the processing of the second request traffic based on the second request traffic being received on the public service interface rather than on the direct interconnect by dynamically applying a prioritize criterion to the second request traffic before generating a second response traffic.









16. A server for determining the traceability of network request traffic over a communications network for reducing strain in traffic processing resources, the system comprising: a computer processor having a set of instructions stored on a storage for configuring the computer processor to: [perform claim 1’s method].


    by a server: 

[2. The method of claim 1, wherein the direct interconnect operating as a private service interface]
    utilizing a second interface with the network for facilitating network communication between the server and one or more other servers associated with at least one of the 
[20. The method of claim 1, wherein the second interface operates as a public service interface.]
    receiving a first request traffic addressed from the predefined source via the first interface, the first traffic request having an address associated with the predefined source in a first packet header of the first request traffic;    
    processing the first request traffic by generating a first query response and sending the first query response via at least one of the first interface and the second 
    receiving a second request traffic having the address associated with the predefined source via the second interface, the address contained in a second packet header of the second request traffic; 
    consulting the defined pairing data with the address to determine the second request traffic matches the address of the predefined source; and 
    de-prioritizing the processing of the second request traffic based on the second request traffic being received on the second interface rather than on the first interface by dynamically applying a prioritize criterion to the second request traffic before generating a second response traffic, such that said applying the prioritize criterion is performed without relying upon opening various layers of the packet and analyzing content of the various layers for errant content; wherein a content of the second response traffic is based on said applying the prioritize criterion.

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to change the statutory class and that the same teachings would also apply.

















“private service interface” maps to the claimed “first interface”.  Claim 2 of the parent patent further describes a private service interface.  










“public service interface” maps to the claimed “second interface”.  Claim 20 of the parent patent recites “wherein the second interface operates as a public service interface.” 








“public service interface” maps to “second interface”





“the direct interconnect” maps to “the first interface” since the direct interconnect provides the private service interface which also maps to “first interface”





 “direct service interface” maps to “first interface”, “public service interface” maps to “second interface”






 “public service interface” maps to “second interface”












“direct interconnect” maps to “first interface” since the direct interconnect provides the private service interface which also maps to “first interface”, “public service interface” maps to “second interface”







2. The method of claim 1, wherein the direct interconnect operating as a private service interface is a physical interconnect as a direct layer-2 or layer-3 interconnect between the server and the predefined requester server.

3. The method of claim 1, wherein the direct interconnect is a logical network connection on a private network of the predefined source, the private network begin coupled to the communications network.
3. The method of claim 1, wherein the direct interconnect operating as a private service interface is a logical network connection on a private network of the predefined requester server, the private network coupled to the network.

4. The method of claim 1, wherein the direct interconnect is a logical network connection on the communications network.
4. The method of claim 1, wherein the direct interconnect operating as a private service interface is a logical network connection on the network.

5. The method of claim 1, wherein a DNS protocol is utilized to structure the first request traffic, the second query request traffic, the first response traffic and the second response traffic.
5. The method of claim 1, wherein a DNS protocol is utilized to structure the first request traffic, the second query request traffic, the first response traffic and the second response traffic.

6. The method of claim 2, wherein the server is an authoritative DNS server and the predefined source and the other sources are resolver DNS servers coupled to the communications network.
6. The method of claim 2, wherein the responder server is an authoritative DNS server and the requester server and the other requester servers are resolver DNS servers coupled to the communications network.

7. The method of claim 1, wherein the prioritization criterion is selected from the group consisting of: expected geographic location of the predefined source; expected network address or utilized network of the predefined source; type of resource record of the second request traffic; and current remaining bandwidth capacity of the public service interface.
7. The method of claim 1, wherein the prioritization criterion is selected from the group consisting of: expected geographic location of the predefined source; expected network address or utilized network of the predefined source; type of resource record of the second request traffic; and current remaining bandwidth capacity of the second interface.

8. The method of claim 1 further comprising the step of sending a prioritization notification to a network device associated with the predefined source as part of said de-prioritizing processing, the prioritization notification instructing de-prioritization of the network request traffic by the network device from the server for such network request traffic having identified packet header information the same as the second request traffic.
8. The method of claim 1, which further comprises sending a prioritization notification to a network device associated with the predefined source as part of said de-prioritizing processing, the prioritization notification instructing de-prioritization of the network request traffic by the network device from the server for such network request traffic having identified packet header information the same as the second request traffic.

9. The method of claim 1 further comprising the step of sending a prioritization notification to a network device associated with the server as part of said de-prioritizing processing, the prioritization notification instructing de-prioritization of the network request traffic by the network device from the server for such network request traffic having identified packet header information the same as the second request traffic.
9. The method of claim 1, which further comprises sending a prioritization notification to a network device associated with the server as part of said de-prioritizing processing, the prioritization notification instructing de-prioritization of the network request traffic by the network device from the server for such network request traffic having identified packet header information the same as the second request traffic.

10. The method of claim 1 further comprising using at least one DNS specific parameter as part of said de-prioritizing processing, such that the at least one DNS specific parameter is included in the defined pairings data.
10. The method of claim 1, which further comprises using at least one DNS specific parameter as part of said de-prioritizing processing, such that the at least one DNS specific parameter is included in the defined pairings data.


11. The method of claim 8, wherein said de-prioritizing processing includes dropping the second request traffic thereby making the second response traffic a null response.
11. The method of claim 8, wherein said de-prioritizing processing includes dropping the second request traffic thereby making the second response traffic a null response.

12. The method of claim 1 further comprising the step of provisioning the direct interconnect to provide the private service interface between a second predefined source and the server configured for receiving the network request traffic addressed from the second predefined source, a defined pairings data of the second predefined source with the direct interconnect stored in the storage as part of the network traffic almanac, wherein the network request traffic from both the predefined source and the second predefined source are communicated on the common direct interconnect.
14. The method of claim 1, which further comprises provisioning the direct interconnect to provide the first interface between a second predefined requester server associated with a second predefined source and the server receiving the network request traffic addressed from the second predefined source, a defined pairings data of the second predefined source with the direct interconnect stored in the storage as part of the network traffic almanac, wherein the network request traffic from both the predefined source and the second predefined source are communicated on the common direct interconnect.



“private service interface” maps to “first interface”
13. The method of claim 12, wherein the direct interconnect facilitates capacity management of bandwidth associated with the network request traffic addressed from both the predefined source and the second predefined source through utilization of differences in peak timing based on time zone differential of the predefined source and the second predefined source.
15. The method of claim 14, wherein the direct interconnect facilitates capacity management of bandwidth associated with the network request traffic addressed from both the predefined source and the second predefined source through utilization of differences in peak timing based on time zone differential of the predefined source and the second predefined source.

14. The method of claim 1 further comprising the step of provisioning a second direct interconnect to provide a second private service interface between a second predefined source and the server configured for receiving the network request traffic addressed from the second predefined source, a defined pairings data of the second predefined source with the second direct interconnect stored in the storage as part of the network traffic almanac, whereby the network request traffic from the predefined source and the second predefined source are separated by the server based on usage of either the private interface or the second private interface.

16. The method of claim 1, which further comprises provisioning a second direct interconnect to provide a third interface between a second predefined requester server associated with a second predefined source and the server receiving the network request traffic addressed from the second predefined source, a defined pairings data of the second predefined source with the second direct interconnect stored in the storage as part of the network traffic almanac, whereby the network request traffic from the predefined source and the second predefined source are separated by the server based on usage of either the first interface or the third interface.




“second private service interface” maps to “third interface”











“private service interface” maps to the “first interface”, “second private service interface” maps to the “third interface”
15. The method of claim 1 further comprising dynamically monitoring the network traffic and adjusting the prioritization criteria based on analysis results of the monitoring.
17. The method of claim 1, which further comprises dynamically monitoring the network traffic and adjusting the prioritization criteria based on analysis results of the monitoring.




Allowable Subject Matter
Claims 7-13 and 15 would be allowable if rewritten to overcome the rejection(s) under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), 2nd paragraph, set forth in this Office action and to include all of the limitations of the base claim and any intervening claims.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-16 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

Claims 1 and 16 recite “provisioning a direct interconnect on the communications network between the server and a predefined source” (see claim 1 lines 4-5, claim 16 lines 6-7).  However [0030] of the specification recites “The private service interface 34 is provisioned as a direct interconnect on the communications network 14, 16, 18 between the responder server 10 and a predefined requester server 10 for a specified source (e.g. source device 8) of the request traffic 30”, which is not described as a different embodiment and is therefore inconsistent with the limitation as claimed.  
Therefore, independent claims 1 and 16 are rejected under 35 USC 112(b) and dependent claims 2-15 are also rejected for the same reasons.

Claim 2 recites “the direct interconnect is a physical interconnect as a direct layer-2 or layer-3 interconnect between the server and a server of the predefined source”, which is inconsistent with the claim 1 limitation of “provisioning a direct interconnect on the communications network between the server and a predefined source,” and is therefore rejected under 35 USC 112(b).

Claim 6 recites “wherein the server is an authoritative DNS server and the predefined source and the other sources are resolver DNS servers coupled to the communications network”, which is inconsistent with the claim 1 limitation of “provisioning a direct interconnect on the communications network between the server and a predefined source”, and is therefore rejected under 35 USC 112(b).

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: “providing a private service interface … configured for receiving the network request traffic address from the predefined source … provisioning a public service interface on the communications network configured for receiving the network request traffic addressed from the predefined source and from other sources” in claims 1 and 16.  Claim 14 recites “provide a second private service interface … configured for receiving the network request traffic”.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  


The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 5, 14, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Statia et al. (U.S. Patent Publication 2009/0112814) in view of Rogers et al. (U.S. Patent 9,137,205).

Regarding claim 1, Statia disclosed a method for determining the traceability of network request traffic over a communications network for reducing strain in traffic processing resources, the method which comprises, by a server:
provisioning a direct interconnect (i.e. a secure connection) on the communications network between the server (i.e. the secure DNS server) and a predefined source (i.e. a company employee’s device), the direct interconnect (i.e. a secure connection) providing a private service interface between the predefined source and the server configured for receiving the network request traffic addressed from the predefined source (see Statia [0032]: in an example, a company may have a group of servers that may be used for secure sessions by employees. Each employee may access the company servers by first establishing a secure connection with the secure DNS server 110, authenticating with the secure DNS server 110, and receiving a network address for a company server, which may be a trusted server 116. After receiving the network address to the company server, each client may establish a connection with the company server), a defined pairings data of the predefined source with the direct interconnect stored in a storage (see Statia [0032]: “each client may establish a connection with the company server” means that an employee, having gone through the necessary authentication process, can set up a connection with the company server and communicate data back and forth over the connection. It also means data received from a user who did not set up a connection with the company server will not be forwarded to any of the company servers. Therefore it is inherent that the system maintains, i.e. stores, the “pairing information” of the address of the employee and the connection in order to facilitate the communication) as a network traffic almanac (see Statia [0030]: the secure DNS server 110 may reject or ignore communication requests from devices that have IP addresses outside of a predefined range of devices. Afterwards, the system inherently stores and maintains the correlation, i.e. pairing, between the employee devices and the respective connections, e.g. a network traffic almanac);
provisioning a public service interface (i.e. an Internet connection) on the communications network configured for receiving the network request traffic addressed from the predefined source and from other sources, the public service interface separate from the direct interconnect (see Statia Fig. 1 #102 client, #110/116/118/122 server, #104 Internet: The client device, i.e. the source, and the DNS servers are all connected to the Internet. Provisioning the interface is inherent);
receiving a first request traffic addressed from the predefined source via the direct interconnect (see Statia [0032]: The employee’s device may send a DNS request for a company server over the established connection from the secure DNS server and receive a network address for a trusted company server – returned by the secure DNS server via the established connection);
processing the first request traffic by generating a first query response and sending the first query response via at least one of the direct and the public service interface for communicating over the communications network to the predefined source (see Statia [0030]: the secure DNS server 110 may reject or ignore communication requests from devices that have IP addresses outside of a predefined range of devices. Afterwards, the system inherently stores and maintains the correlation, i.e. pairing, between the employee devices and the respective connections, e.g. a network traffic almanac, and each DNS server will only receive and process DNS requests sent from pre-configured employee devices over the respective secure connections (interface) while ignore, i.e. drop) any other DNS requests, such as a packet that has been received over an interface that is not among the already established secure connections (even with the source address of an employee device). In other words, a data packet sent by an employee device to a secure DNS server would be considered legitimate and acted upon if and only if the data packet is sent by the employee device (indicated by its source address), received the respective secure DNS server over the said connection established between the employee device and the respective secure DNS server. In other words, if the data packet sent by an employee device to a secure DNS server is received by the secure DNS server over an interface other than the above established connection, the data packet could not have come from the employee device as indicated by the “from” address of the data packet, and that its “from” address most likely has been “spoofed”.);
receiving a second request traffic having an address of the predefined source via the public service interface (see Rogers combination below);
consulting the defined paring data with the address to determine the second request traffic matches the predefined source (see Rogers combination below); and 
de-prioritizing the processing of the second request traffic based on the second request traffic being received on the public service interface rather than on the direct interconnect by dynamically applying a prioritize criterion to the second request traffic before generating a second response traffic (see Rogers combination below).

As shown above, Statia teaches establishing a secure connection between the responder server and the source device, and determining that, if the packet is received by the responder server with the “from” address being that of the source device (i.e., the source address) but over an interface other than the secure connection, the data must not have come from the source device as indicated by the “from” address of the data packet, and that the “from” address of the received data must have been “spoofed,” as otherwise the packet must have been received by the responder server over the established connection between the source device and the responder server.
However, Statia did not explicitly disclose “receiving a second request traffic having an address of the predefined source via the public service interface” (i.e. NOT via the private service interface), “consulting the defined paring data with the address to determine the second request traffic matches the predefined source”, and “de-prioritizing the processing of the second request traffic based on the second request traffic being received on the public service interface rather than on the direct interconnect by dynamically applying a prioritize criterion to the second request traffic before generating a second response traffic”.
	In a similar field of endeavor, Rogers teaches receiving at least one packet from the network, performing packet processing based on dynamic security policy that comprises dropping the at least one received packet (i.e. de-prioritizing the processing of the second request traffic) comprising a spoofed address (received at least one packet form the network; performing the at least one of the multiple packet transformation functions specified by the first dynamic security policy comprises dropping the at least one received packet comprising a spoofed source address: see Rogers claim 92).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Rogers for receiving at least one packet from the network and performing packet processing based on dynamic security policy that comprises dropping the at least one received packet comprising a spoofed source address.  The teachings of Rogers, when implemented in the Statia system, will enable receiving a second request traffic having an address of the predefined source NOT via the private service interface; consulting the defined pairing data with the address to determine the second request traffic matches the predefined source, and de-prioritizing the processing of the second request traffic based on the second request traffic being received on the public service interface rather than an the direct interconnect by dynamically applying a prioritize criterion to the second request traffic before generating a second response traffic. One of ordinary skill in the art before the effective filing date of the claimed invention would be motivated to utilize the teachings of Rogers in the Statia system in order to protect a secured network (see Rogers abstract).

Regarding claim 16, the claim contains the limitations, substantially as claimed, as described in claim 1 above and is rejected under Statia-Rogers according to the rationale provided above.  Statia-Rogers further disclosed a server for determining the traceability of network request traffic over a communications network for reducing strain in traffic processing resources, the system comprising: a computer processor having a set of instructions stored on a storage for configuring the computer processor to perform the method of claim 1 above (see Statia [0014]: instructions stored on a computer-readable storage medium to be executed by a processor).

Regarding claim 2, Statia-Rogers disclosed the method of claim 1, wherein the direct interconnect is a physical interconnect as a direct layer-2 or layer-3 interconnect between the server and a server of the predefined source (see Statia [0032]: DNS requests and DNS responses are exchanged between the server and the source, and possible other sources).

Regarding claim 5, Statia-Rogers disclosed the method of claim 1, wherein a DNS protocol is utilized to structure the first request traffic, the second query request traffic, the first response traffic and the second response traffic (see Statia [0032]: DNS requests and DNS responses are exchanged between the server and the source, and possible other sources).

Regarding claim 14, Statia-Rogers disclosed the method of claim 1 further comprising repeating the provisioning step for a second direct interconnect, a second private service interface, and a second predefined source, i.e. the step of provisioning a second direct interconnect to provide a second private service interface between a second predefined source (e.g. a second company employee’s device) and the server configured for receiving the network request traffic addressed from the second predefined source (see Statia [0032]: each employee may access the company servers by establishing a secure connection with the secure DNS server 110, authenticating with the secure DNS server 110), a defined pairings data of the second predefined source with the second direct interconnect stored in the storage (see Statia [0032]: “each client may establish a connection with the company server” means that an employee, having gone through the necessary authentication process, can set up a connection with the company server and communicate data back and forth over the connection. It also means data received from a user who did not set up a connection with the company server will not be forwarded to any of the company servers. Therefore it is inherent that the system maintains, i.e. stores, the “pairing information” of the address of the employee and the connection in order to facilitate the communication) as part of the network traffic almanac (see Statia [0030]: the secure DNS server 110 may reject or ignore communication requests from devices that have IP addresses outside of a predefined range of devices. Afterwards, the system inherently stores and maintains the correlation, i.e. pairing, between the employee devices and the respective connections, e.g. a network traffic almanac), whereby the network request traffic from the predefined source and the second predefined source are separated by the server based on usage of either the private interface or the second private interface (see Statia [0034]: secure connections and there is only one secure access point for each secure network).

Claims 3-4 are rejected under 35 U.S.C. 103 as being unpatentable over Statia-Rogers as applied to claim 1 above, and further in view of Gupta et al. (U.S. Patent Publication 2019/0238504).

Regarding claim 3, Statia-Rogers disclosed the invention, substantially as claimed, as described in claim 1 above, but did not explicitly disclose “wherein the direct interconnect is a logical network connection on a private network of the predefined source, the private network begin coupled to the communications network”.  However in a similar field of endeavor, Gupta disclosed a secure virtual private network connection is provided between client 102 and server 106 (see claim 92, Fig. 1A #104 network).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Gupta for providing a secure virtual private network connection between the client and the server. The teachings of Gupta, when implemented in the Statia-Rogers system, would enable the direct interconnect being a logical network connection on a private network of the predefined requester server, the private network coupled to the network. One of ordinary skill in the art before the effective filing date of the claimed invention would be motivated to utilize the teachings of Gupta in the Statia-Rogers system in order to provide systems and methods for rewriting a URL in a message transmitted via a clientless SSL VPN session (see Gupta abstract).

Regarding claim 4, Statia-Rogers disclosed the invention, substantially as claimed, as described in claim 1 above, but did not explicitly disclose “wherein the direct interconnect is a logical network connection on the communications network.”  However in a similar field of endeavor, Gupta disclosed a secure virtual private network connection is provided between client 102 and server 106 (see claim 92, Fig. 1A #104 network).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Gupta for providing a virtual (logical) connection between the client and the server. The teachings of Gupta, when implemented in the Statia-Rogers system, would enable the direct interconnect being a logical network connection on the network. One of ordinary skill in the art before the effective filing date of the claimed invention would be motivated to utilize the teachings of Gupta in the Statia-Rogers system in order to provide systems and methods for rewriting a URL in a message transmitted via a clientless SSL VPN session (see Gupta abstract).

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Statia-Rogers as applied to claim 2 above, and further in view of Salmela et al. (U.S. Patent Publication 2019/0223009).
Regarding claim 6, Statia-Rogers disclosed the invention, substantially as claimed, as described in claim 2 above, further wherein the server is an authoritative (see Salmela combination below) DNS server and the predefined source and the other sources are resolver DNS servers coupled to the communications network (see Statia [0023]: a client 102 may be connected to the Internet 104 or other network, including a local area network or a wide area network. The client 102 may have a secure name resolver 107 that may resolve a hostname address for a given hostname using a secure DNS server 110 in some cases | Statia claim 12: the client device of claim 10 said secure name resolver further adapted to: receive said first request for said first network address for said first device having a first name; look up said first name in said database; find said first entry in said database, said first entry comprising said first name and a second network address associated with a secure DNS server; attempt to establish an authenticated session with said secure DNS server using said second network address).  
Statia-Rogers did not explicitly disclose that the DNS server “is an authoritative DNS server”.  However in a similar field of endeavor, Salmela disclosed a query from a client first goes to the default DNS resolver of the client, which will query the authoritative DNS server of the operator (see [0077]: a query from a client that wishes to connect to a target device will first go to the default DNS resolver of the client, which will query the authoritative DNS server of the operator, which can give the final result to the query).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Salmela for a query from a client first going to the default DNS resolver of the client, which will query the authoritative DNS server of the operator.  The teachings of Salmela, when implemented in the Statia-Rogers system, would enable the server being an authoritative DNS server.  One of ordinary skill in the art before the effective filing date of the claimed invention would be motivated to utilize the teachings of Salmela in the Statia-Rogers system in order to provide systems and methods for registration of a device as a Network Application Function, NAF, in a Generic Bootstrapping Architecture, GBA (see Salmela abstract).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Angela Widhalm de Rodriguez whose telephone number is (571)272-1035. The examiner can normally be reached M-F: 6am-2:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Thu Nguyen can be reached on (571) 272-6967. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/A.M.W/Examiner, Art Unit 2452                                                                                                                                                                                                        22 February 2022



/Patrice L Winder/Primary Examiner, Art Unit 2452