Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION

Status of Claims
Claims 7-16 are subject to examination.  
Claims 1-6 are cancelled.  

Specification
The amended title dated 3/10/22 is acknowledged. 

Drawings
The figure(s) submitted on 3/10/22 over figure(s) submitted the filing date of this application are acknowledged. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:



Claim(s) 7, is/are rejected under 35 U.S.C. 103 as being unpatentable over Doron et al., 20190182266 in view of Castmo et al., 20190274089 and Lee et al., 20160248682.
Referring to claim(s) 7, Doron discloses a method comprising: deploying a distributed denial of service (DDoS) detection engine (implementation of DDoS engine for detection between source and destination entities, para 50, 76) between a node and other components of a mobile communication infrastructure (between source and destination entities of the mobile network, 635, figure 6);

    PNG
    media_image1.png
    631
    837
    media_image1.png
    Greyscale



    PNG
    media_image2.png
    570
    826
    media_image2.png
    Greyscale

determining if the network packet has attribute that came too soon from an originating user equipment (UE) to the components of the mobile communication infrastructure (taking an action related to attack after deciding whether the packet header is arrived when it is not supposed to arrive from the user device, para 55, and flooding, para 64). Doron does not specifically mention about, which is well-known in the art, which Castmo discloses, Evolve Node B (eNB) (DDos detection device between eNB and mobile control entities, Multiple eNBs, ANs MBCs/CNFG, para 100, 43. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Doron to implement these limitations and also one of ordinary skill 
Doron and Castmo do not specifically mention about, which is well-known in the art, which Lee discloses, control plane or a data plane (para 53), a flood packet (para 64, along with an Evolve Node B (eNB), para 81, 93). 

    PNG
    media_image3.png
    603
    803
    media_image3.png
    Greyscale


    PNG
    media_image4.png
    577
    854
    media_image4.png
    Greyscale

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Doron to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known control or data plane in a cellular communication system. Control-plane signaling and user-plane messages would be communicated to a network with evolved packet. A control plane would enable conveying control signals. A user plane would convey user data (user-plane messages). The flooding of packets in the system would be prevented based on policy enforcement, para 81, 93 .

Claim(s) 8, is/are rejected under 35 U.S.C. 103 as being unpatentable over Doron in view of Castmo, Lee and Vengalil et al., 2017/0026405.
Referring to claim(s) 8, Doron, Vengalil, Castmo and Lee do not specifically mention about, which is well-known in the art, which Vengalil discloses a Stream Control Transmission Protocol (SCTP) . 

Claim(s) 9, 10, is/are rejected under 35 U.S.C. 103 as being unpatentable over Doron in view of Castmo, Lee, Vengalil and Preda et al., 2021/0329456.
Referring to claim(s) 9, Doron, Castmo, Vengalil and Lee do not specifically mention about, which is well-known in the art, which Preda discloses prior to the SCTP request packet reaching a Mobility Management Entity (MME) of the mobile communication infrastructure, determining whether the SCTP request packet is a flood packet that came too soon from the originating UE based on an S1 Application Protocol Identifier (S1AP-ID) associated with the UE, para 88, 34

    PNG
    media_image5.png
    562
    591
    media_image5.png
    Greyscale

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Doron to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known MME Mobile Management along with eNB and eNB UE S1AP ID. All packets on S1AP may be identified with a unique identifier and would be expected to help in mapping the IPsec packets to S1AP packets. This would enable generating a globally unique UE ID, para 88, 34.

Referring to claim(s) 10, Preda discloses prior to the SCTP request packet reaching a Mobility Management Entity (MME) of the mobile communication infrastructure, determining whether the SCTP request packet is a flood packet that came too soon from the originating UE based on an S1 Application Protocol Identifier (S1AP- ID) associated with the UE, para 88, 34. 

Claim(s) 11, 12, is/are rejected under 35 U.S.C. 103 as being unpatentable over Doron in view of Castmo, Lee, Vengalil, Preda and XU et al., 2015/0296424.
Referring to claim(s) 11, Doron, Castmo, Vengalil, Preda and Lee do not specifically mention about, which is well-known in the art, which XU discloses determining, by the mobile network DDoS detection engine, whether the SCTP request packet was originated by a different S1AP-ID than previously observed and, if so, adding an entry including the different S1AP-ID to the hash table; and removing, by the mobile network DDoS detection engine, the table entry from the hash table when the entry times out, para 124. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Doron to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing S1AP ID. All packets on S1AP may be identified with a unique identifier and would be expected to help in mapping the IPsec packets to S1AP packets. This would enable generating a globally unique UE ID. The hash table would enable maintaining S1AP-IDs that are not expired. A new S1AP-ID would be added and expired S1AP-ID would be removed to enable using a unique ID for respective session, para 124.

Referring to claim(s) 12, Lee discloses wherein the network packet of the data plane comprise a General Packet Radio Service (GPRS) Tunneling Protocol (GTP) user plane (GTP-U) encapsulated packet, para 123. 

Claim(s) 13, is/are rejected under 35 U.S.C. 103 as being unpatentable over Doron in view of Castmo and Chennupati et al., 20190387394.
Referring to claim(s) 13, Doron, Castmo, do not specifically mention about, which is well-known in the art, which Chennupati discloses determining, by the mobile network DDoS detection engine, whether the network packet is a flood packet directed to a Serving Gateway (SGW) of the mobile communication infrastructure and originated from a previously observed user equipment (UE) associated with the mobile communication infrastructure based on an Internet Protocol (IP) address of the UE, para 54. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Doron to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known SWG, IP and UE for communicating packets. The SGSN (or SGW) have access to a unique identifier of the originating endpoint, even though the unique identifier is not used by devices in the public Internet, nor is it accessible to those devices.  Once the subscribed device/endpoint is registered, the determination is made by the policy to keep the traffic on the private network or route the traffic to the public Internet based on the destination IP address. When a flood packet(s) are detected, necessary action would be taken to implement the policy, para 54.

Claim(s) 14, is/are rejected under 35 U.S.C. 103 as being unpatentable over Doron in view of Castmo, Chennupati and Krishna et al., 9251535.
Referring to claim(s) 14, Doron, Chennupati, Castmo, do not specifically mention about, which is well-known in the art, which Krishna discloses decapsulating layer 3, 4 or 7 of the GTP-U packet, col., 11, lines 14-29. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Doron to implement . 

Claim(s) 15, is/are rejected under 35 U.S.C. 103 as being unpatentable over Doron in view of Castmo, Chennupati, Krishna and Liu et al., 2015/0333991.
Referring to claim(s) 15, Doron, Krishna, Chennupati, Castmo, do not specifically mention about, which is well-known in the art, which Liu discloses determining, by the mobile network DDoS detection engine, if the decapsulated GTP-U packet contains a same parameter type that is among one or more currently blocked header parameters; and when said determining is affirmative, dropping and logging, by the mobile network DDoS detection engine, the GTP-U packet, para 80, 113. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Doron to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide well-known usage of decapsulating of the GTP-U packet. The decapsulation would enable processing exchanged traffic for detection of parameters which can prevent DDoS attack. When a same parameter type that is among a blocked header parameters, the packet can be blocked and the DDoS attack would be prevented, para 80, 113.

Claim(s) 16, is/are rejected under 35 U.S.C. 103 as being unpatentable over Doron in view of Castmo, Chennupati, Krishna, Liu and Hoffmann 20180302439.
Referring to claim(s) 16, Doron, Krishna, Liu, Chennupati, Castmo, do not specifically mention about, which is well-known in the art, which Hoffmann discloses wherein the header parameters are .

Response to Arguments
Applicant's arguments filed 3/10/22, pages 5, 6 have been fully considered but they are not persuasive.  Therefore, rejection of claims 7-16 is maintained. 
Regarding Applicant’s concern for the limitations of claim 7, “As originally filed, claim 7 sets forth a method that includes, inter alia, deploying a DDoS detection engine between an eNB and other components of a mobile communication infrastructure.”.
The limitations, “deploying a DDoS detection engine between an eNB and other components of a mobile communication infrastructure”, are rejected by combined teachings of Doron et al., 20190182266 in view of Castmo et al., 20190274089 and Lee et al., 20160248682.  In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
Doron discloses a method comprising: deploying a distributed denial of service (DDoS) detection engine (implementation of DDoS engine for detection between source and destination entities, para 50, 76) between a node and other components of a mobile communication infrastructure (between source and destination entities of the mobile network, 635, figure 6);

    PNG
    media_image1.png
    631
    837
    media_image1.png
    Greyscale

 intercepting, by the DDoS detection engine (for necessary update, S420, S430 S440, figure 4), a network packet of a transmitted from the node to one or more of the other components of mobile communication infrastructure (packet sent from the source to the mobile infrastructure components, para 67, 7); and 

    PNG
    media_image2.png
    570
    826
    media_image2.png
    Greyscale

determining if the network packet has attribute that came too soon from an originating user equipment (UE) to the components of the mobile communication infrastructure (taking an action related to attack after deciding whether the packet header is arrived when it is not supposed to arrive from the user device, para 55, and flooding, para 64). Doron does not specifically mention about, which is well-known in the art, which Castmo discloses, Evolve Node B (eNB) (DDos detection device between eNB and mobile control entities, Multiple eNBs, ANs MBCs/CNFG, para 100, 43. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Doron to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known usage of eNB to transmit message to neighboring UEs. The eNB would enable transmitting of the message with a minimum loss and without using topology information, para 100, 43. 


    PNG
    media_image3.png
    603
    803
    media_image3.png
    Greyscale


    PNG
    media_image4.png
    577
    854
    media_image4.png
    Greyscale

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Doron to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known control or data plane in a cellular communication system. Control-plane signaling and user-plane messages would be communicated to a network with evolved packet. A control plane would enable conveying control signals. A user plane would convey user data (user-plane messages). The flooding of packets in the system would be prevented based on policy enforcement, para 81, 93.


Conclusion
One of ordinary skilled in the art would readily know that the claimed engine can be deployed anywhere in association with the claimed infrastructure. 
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARESH PATEL whose telephone number is (571)272-3973.  The examiner can normally be reached on M-F 9-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado, can be reached at (571) 272-7624. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available 

/HARESH N PATEL/Primary Examiner, Art Unit 2493