DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on June 17, 2022 has been entered.
This communication is in response to Application No. 16/409,517, filed on May 10, 2019. The Request for Continued Examination (RCE) presented on June 17, 2022, which amends claims 1 and 14, cancels claims 5 and 18, adds new claims 28-29 and presents arguments, is hereby acknowledged. Claims 1-4, 6-17 and 19-29 are currently pending and subject to examination.

Response to Arguments
On pages 8-10 of the response filed June 17, 2022, Applicant addresses the 35 U.S.C. 103 rejection made in the December 21, 2021 Final Rejection. Applicant’s arguments regarding the rejection under 35 U.S.C. 103 have been fully considered.
      On pages 9-10, Applicants argue that the combination of Bhogavilli and Jensen does not teach or suggest “extracting from the request routing mechanism a mapping that identifies: (a) one or more clients and (b) a selected service endpoint in the plurality of service endpoints, from which the one or more clients should obtain the service, according to the request routing mechanism; checking whether the packet is consistent with the mapping from the request routing mechanism, where said checking comprises checking that particular client is attempting to obtain service from a service endpoint other than the selected service endpoint in the mapping” as recited by amended Independent claim 1.
      Examiner agrees that the combination of Bhogavilli and Jensen does not teach or suggest “where said checking comprises checking that particular client is attempting to obtain service from a service endpoint other than the selected service endpoint in the mapping” as recited by amended Independent claim 1.
     However, the combination of Bhogavilli and Jensen does teach or suggest “extracting from the request routing mechanism a mapping that identifies: (a) one or more clients and (b) a selected service endpoint in the plurality of service endpoints, from which the one or more clients should obtain the service, according to the request routing mechanism; checking whether the packet is consistent with the mapping from the request routing mechanism,” as recited by amended Independent claim 1.
Specifically, the examiner-cited prior art reference Bhogavilli teaches “extracting from the request routing mechanism a mapping that identifies: (a) one or more clients and (b) a selected service endpoint in the plurality of service endpoints, from which the one or more clients should obtain the service, according to the request routing mechanism; checking whether the packet is consistent with the mapping from the request routing mechanism” as recited by amended Independent claim 1.
       Bhogavilli teaches extracting from the request routing mechanism a mapping that identifies: (a) one or more clients and (b) a selected service endpoint in the plurality of service endpoints, from which the one or more clients should obtain the service, according to the request routing mechanism;
      Bhogavilli describes plurality of application servers (e.g. service endpoints) configured to receive and service requests from clients and provide services to one or more clients and DNS system comprising DNS record (e.g. routing mechanism) assign one or more domain names hosted by application servers (e.g. service endpoints) through that route communications from clients to application servers and create lookup table (Bhogavilli: [paragraph 0022-0023, 0028, 0046]).
      Bhogavilli further describes obtaining (e.g. extracting) mapping from lookup table includes identifying a mapping client IP address from request DNS system comprising DNS record (e.g. routing mechanism) and assigned one or more domain names hosted by application servers (e.g. plurality of service endpoints) through that route communications from clients to application servers according to DNS record (e.g. routing mechanism) in lookup table (Bhogavilli: [paragraph 0022-0023, 0046, 0056, 0062]).
      Bhogavilli further teaches checking whether the packet is consistent with the mapping from the request routing mechanism,
       Bhogavilli describes client sending “clientHello” message through monitoring server or proxy server (e.g. enforcement point) to assigned application server (e.g. selected service endpoint) (Bhogavilli: [paragraph 0036, 0047, 0056]). Bhogavilli describes verifying by monitoring server or proxy server (e.g. enforcement point) whether request contains (e.g. consistent) in “clientHello” message and monitoring server or proxy server (e.g. enforcement point) receives the "ClientHello" message, it will recognize the IP address in the message as a whitelisted IP address and session ID of the client based on lookup table which includes whitelist client IP address and session ID of the client (Bhogavilli: [paragraph 0046-0047, 0056-0057]).
    However, Examiner agrees that the combination of Bhogavilli and Jensen does not teach or suggest “where said checking comprises checking that particular client is attempting to obtain service from a service endpoint other than the selected service endpoint in the mapping” as recited by amended Independent claim 1. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made as discussed below.
   Applicants argue claim 14 based on the arguments presented for Claim 1 at page 10 of the remarks. The same explanation is applicable to claim 14 as mentioned above with respect to claim 1.

Dependent claims 2-4, 6-13, 15-17 and 19-27
Applicant argues these claims conditionally based upon arguments presented for their parent claim(s). Applicant’s arguments are persuasive. However, new grounds of rejection may appear below. See the detailed explanation and rejection below.

New claims 28-29
As per newly added claims 28-29, Applicant's arguments have been fully considered. However, a new ground of rejection is made as discussed below.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
6. Claims 1-4, 6, 10-17, 19 and 23-29 are rejected under 35 U.S.C. 103 as being unpatentable over Bhogavilli et al. (US 2012/0174196 A1); and further in view of Lee et al. (US 10348767 B1).
        Regarding Claim 1, Bhogavilli teaches a method for mitigating attacks against a distributed computing system ([paragraph 0011] describes a method for mitigating DoS and DDoS attacks against a system), 
       the distributed computing system providing a service from any of a plurality of service endpoints addressable over one or more computer networks and a request routing mechanism that directs clients to one or more service endpoints in the plurality of service endpoints to obtain service ([paragraph 0022-0023, 0028, 0046] describes plurality of application servers (e.g. service endpoints) configured to receive and service requests from clients and provide services to one or more clients and DNS system comprising DNS record (e.g. routing mechanism) assign one or more domain names hosted by application servers (e.g. service endpoints) through that route communications from clients to application servers (e.g. directs clients to one or more service endpoints) and create lookup table),
     the method comprising: extracting from the request routing mechanism a mapping that identifies: (a) one or more clients and (b) a selected service endpoint in the plurality of service endpoints, from which the one or more clients should obtain the service, according to the request routing mechanism ([paragraph 0022-0023, 0028, 0046] describes plurality of application servers (e.g. service endpoints) configured to receive and service requests from clients and provide services to one or more clients and DNS system comprising DNS record (e.g. routing mechanism) assign one or more domain names hosted by application servers (e.g. service endpoints) through that route communications from clients to application servers and create lookup table [paragraph 0022-0023, 0028, 0046] describes obtaining (e.g. extracting) mapping from lookup table includes identifying a mapping client IP address from request DNS system comprising DNS record (e.g. routing mechanism) and assigned one or more domain names hosted by application servers (e.g. plurality of service endpoints) through that route communications from clients to application servers according to DNS record (e.g. routing mechanism) in lookup table);
     sending the mapping to at least one enforcement point in the distributed computing system on a network path between the one or more clients and selected service endpoint ([paragraph 0025-0026, 0046, 0056] describes sending mapping client IP address to monitoring server or proxy server (e.g. enforcement point) located within network path between clients and assigned (e.g. selected) application server (e.g. selected service endpoint)), 
    subsequent to said receipt of the mapping, receiving a network packet sent from a particular client to the selected service endpoint ([paragraph 0046-0047, 0056, 0059] describes receiving the mapping and subsequently receiving a “clientHello” message (e.g. network packet) sent from client to assigned (e.g. selected) application server (e.g. selected service endpoint)); 
    based on one or more characteristics of the network packet and the identification of the one or more clients in the mapping, checking whether the network packet is consistent with the mapping from the request routing mechanism ([paragraph 0036, 0047] describes client sending “clientHello” message through monitoring server or proxy server (e.g. enforcement point) to application server (e.g. service endpoint) and the "ClientHello" message contains the SSL version and a list of cryptographic algorithms that the client can support (e.g. network packet characteristic) [paragraph 0046-0047, 0056-0057] describes verifying by monitoring server or proxy server (e.g. enforcement point) whether request contains in “clientHello” message and monitoring server or proxy server (e.g. enforcement point) receives the "ClientHello" message, it will recognize the IP address in the message as a whitelisted IP address and session ID of the client based on lookup table which includes whitelist client IP address and session ID of the client),
     and based at least in part on said checking: (i) if the particular client is mapped to the selected service endpoint for obtaining the service, passing the network packet ([paragraph 0046-0047, 0056, 0059] describes verifying that client IP address and session ID of the client is mapped to URL for assigned application server (e.g. selected service endpoint), Thereafter, all communications between application server and client may pass through monitoring server or proxy server (e.g. enforcement point)); 
     (ii) if the particular client is not mapped to the selected service endpoint for obtaining the service, taking an attack mitigation action against the client ([paragraph 0030-0031, 0046-0047, 0060] describes taking an attack mitigation action against the client if client fails to honor validation of mapping, blacklisting client  IP address and client may not be able to communicate message with application server (e.g. blocking the network packet) sending information to customer server system (e.g. a client reputation scoring system)). 
        Bhogavilli fails to teach where said checking comprises checking that particular client is attempting to obtain service from a service endpoint other than the selected service endpoint in the mapping; 
However, Lee teaches where said checking comprises checking that particular client is attempting to obtain service from a service endpoint other than the selected service endpoint in the mapping ([col 20 line 51-col 21 line 10] describes end points (e.g. plurality service endpoints) and routing address having IP address of first end point that matches an entry in the static virtual routing table and checking that client is attempting to receive service from IP address associated with second end point against IP address of first end point according to selected service endpoint from static virtual routing table (e.g. obtain service from a service endpoint other than the selected service endpoint in the mapping), then the connection should not be provided to the client; [col 45 lines 20-36] describes static virtual routing table includes information associated with selected service endpoint for clients in routing and mapping tables).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Bhogavilli to include where said checking comprises checking that particular client is attempting to obtain service from a service endpoint other than the selected service endpoint in the mapping as taught by Lee. One of ordinary skill in the art would be motivated to utilize the teachings of Bhogavilli in the Lee system in order to provide better cloud computing security to protect against attacks and reduce network vulnerability (Lee: [col 1 lines 59-60]).
  
       Regarding Claim 2, the combination of Bhogavilli and Lee teaches the method, wherein the network packet is an IP packet, and the mapping comprises a set of one or more client IP addresses and a set of one or more IP addresses associated with the selected service endpoint (Bhogavilli: [paragraph 0049, 0056, 0062, 0074] describes message packet is an IP packet and mapping includes assign IP addresses to clients and assign IP addresses to assigned application servers (e.g. selected service endpoint)).

Regarding Claim 3, the combination of Bhogavilli and Lee teaches the method of claim 2, wherein said checking the mapping, based on one or more characteristics of the network packet, comprises comparing the source IP address of the network packet to a client IP address of the mapping, and the destination IP address in the network packet to a service endpoint IP address in the received mapping, and determining that the particular client is mapped to the selected service endpoint if both comparisons are matches (Bhogavilli: [paragraph 0046-0047, 0049, 0056, 0072, 0074] describes verifying that the "ClientHello" message as a whitelisted IP address and session ID of the client and source address of client IP address is mapped to IP address (e.g. destination address) of assigned application server (e.g. selected service endpoint) based on lookup table which includes whitelist client IP address and session ID of the client which are same (e.g. matches)).

     Regarding Claim 4, the combination of Bhogavilli and Lee teaches the method, wherein each of the plurality of service endpoints comprise a service application running on a service host (Bhogavilli: [paragraph 0022] describes one or more application servers (e.g. service endpoints) provide services to one or more clients or end users and application servers (e.g. service endpoints) may operate one or more applications or provide one or more public facing network services).

      Regarding Claim 6, the combination of Bhogavilli and Lee teaches the method, wherein said consistency check is performed only when an in progress attack is detected (Bhogavilli: [paragraph 0035, 0075] describes in response to a detected DoS attack, direct communication between application servers owned or operated by customer and clients has been disabled and if necessary, to undertake corrective action, such as the mitigation operation).

Regarding Claim 10, the combination of Bhogavilli and Lee teaches the method, further comprising performing any of a translation, de-aggregation on the extracted mapping before sending the mapping (Bhogavilli: [paragraph 0046, 0049] describes performing Network Address Translation ("NAT") service on the obtained mapping before sending the mapping).

      Regarding Claim 11, the combination of Bhogavilli and Lee teaches the method, further comprising: for the duration of an in progress attack, the request routing mechanism repeatedly changing the mapping, and upon each change, the method repeating said extracting step (Bhogavilli: [paragraph 0072, 0074, 0076-0077] describes during attack, DNS system comprising DNS records (e.g. routing mechanism) modifying the mapping records and all steps are repeated).

       Regarding Claim 12, the combination of Bhogavilli and Lee teaches the method, wherein the request routing mechanism comprises a DNS system (Bhogavilli: [paragraph 0028, 0074] describes request routing mechanism includes DNS system).

        Regarding Claim 13, the combination of Bhogavilli and Lee teaches the method, wherein the particular client is mapped to another service endpoint, distinct from the selected service endpoint, for obtaining the service (Lee: [col 12 line 60-col 13 line 8] describes receiving request from client regarding a particular web service (e.g. particular client) then that client is mapped to second endpoint (e.g. another service endpoint) which is different from selected endpoint (e.g. selected service endpoint)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Bhogavilli to include wherein the particular client is mapped to another service endpoint, distinct from the selected service endpoint, for obtaining the service as taught by Lee. One of ordinary skill in the art would be motivated to utilize the teachings of Bhogavilli in the Lee system in order to provide secure communications in a cloud computing environment (Lee: [col 1 lines 32-33]).

Regarding claims 14-17, these claims contain limitations found within those of claims 1-4 and the same rationale for rejection is used.

Regarding claim 19, this claim contains limitations found within that of claim 6 and the same rationale for rejection is used.

Regarding claims 23-25, these claims contain limitations found within those of claims 11-13 and the same rationale for rejection is used.

Regarding Claim 26, the combination of Bhogavilli and Lee teaches the method, wherein the request routing mechanism generates the mapping at least in part to perform load balancing across the plurality of service endpoints (Lee: [col 62 lines 50-66] describes request routing generating the mapping to perform load balancing across endpoints (e.g. plurality of service endpoints)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Bhogavilli to include request routing mechanism generates the mapping at least in part to perform load balancing across the plurality of service endpoints as taught by Lee. One of ordinary skill in the art would be motivated to utilize the teachings of Bhogavilli in the Lee system in order to ensure that the endpoints are being used efficiently so that an endpoint is not being over-utilized while another endpoint is being underutilized (Lee: [col 62 lines 62-65]).

Regarding claim 27, this claim contains limitations found within that of claim 26 and the same rationale for rejection is used.

       Regarding Claim 28, the combination of Bhogavilli and Lee teaches the method, wherein the mitigation action is selected from the group of actions that is: blocking the network packet; logging the network packet for further inspection; generating an alert about the packet; and, sending information about the particular client and the inconsistency to a client reputation scoring system (Bhogavilli: [paragraph 0030-0031, 0046-0047, 0060] describes mitigation action is selected from if client fails to honor validation of mapping, blacklisting client  IP address and client may not be able to communicate message with application server (e.g. blocking the network packet) and sending information to customer server system (e.g. a client reputation scoring system)).
   
Regarding claim 29, this claim contains limitations found within that of claim 28 and the same rationale for rejection is used.

7.      Claims 7-9 and 20-22 are rejected under 35 U.S.C. 103 as being unpatentable over Bhogavilli et al. (US 2012/0174196 A1); in view of Lee et al. (US 10348767 B1); and further in view of Holloway et al. (US 8646064 B1).
          Regarding Claim 7, the combination of Bhogavilli and Lee teaches the method, further comprising: the request routing mechanism (Bhogavilli: [paragraph 0035-0036, 0046] describes request DNS system comprising DNS record (e.g. routing mechanism) assign one or more domain names hosted by application servers (e.g. service endpoints) through that route communications from clients to application servers (e.g. directs clients to one or more service endpoints)),
Bhogavilli and Lee fail to teach in response to an in-progress attack, initiating a change in the mapping.
However, Holloway teaches in response to an in-progress attack, initiating a change in the mapping ([col 7 lines 1-12] describes upon detecting a potential attack directed to an IP address, initiating a change in the mapping).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Bhogavilli/Lee to include in response to an in-progress attack, initiating a change in the mapping as taught by Holloway. One of ordinary skill in the art would be motivated to utilize the teachings of Bhogavilli/Lee in the Holloway system in order to identify and possibly isolate the domain that is being targeted (Holloway: [col 7 lines 4-5]).

Regarding Claim 8, the combination of Bhogavilli, Lee and Holloway teaches the method of claim 7, wherein said change results in an updated mapping and said updated mapping is mutually exclusive with the prior mapping (Holloway: [col 15 lines 50-64] describes change in the mapping includes update in the mapping which is different (e.g. mutually exclusive) than original mapping).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Bhogavilli/Lee to include change results in an updated mapping and said updated mapping is mutually exclusive with the prior mapping as taught by Holloway. One of ordinary skill in the art would be motivated to utilize the teachings of Bhogavilli/Lee in the Holloway system in order to detect and mitigate denial-of-service (DoS) attacks in a cloud-based service (Holloway: [col 1 lines 18-20]).

Regarding Claim 9, the combination of Bhogavilli, Lee and Holloway teaches the method of claim 7, wherein the checking step considers the prior mapping as valid for a predetermined time period after the change (Holloway: [col 24 lines 26-54] describes checking that original mapping is valid for certain time period i.e. 1 hour (e.g. predetermined time period) after the change).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Bhogavilli/Lee to include considers the prior mapping as valid for a predetermined time period after the change as taught by Holloway. One of ordinary skill in the art would be motivated to utilize the teachings of Bhogavilli/Lee in the Holloway system in order to detect and mitigate denial-of-service (DoS) attacks in a cloud-based service (Holloway: [col 1 lines 18-20]).

Regarding claims 20-22, these claims contain limitations found within those of claims 7-9 and the same rationale for rejection is used.
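
The consistency check recited across claims 1, 3, 6 and 9 can be sketched as follows. This is an added illustration, not part of the Office action, the application, or any cited reference; the class names, verdict labels, the 3600-second default grace period and the documentation-range addresses are all constructed assumptions.

```python
# Added illustration: an enforcement point that checks packets against the
# mapping extracted from a request routing mechanism. All names and sample
# addresses are constructed; nothing here is taken from the cited references.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Mapping:
    """One mapping entry: client networks -> IPs of the selected endpoint."""
    clients: tuple
    endpoint_ips: frozenset

    def covers_client(self, src):
        return any(ip_address(src) in ip_network(net) for net in self.clients)

    def matches(self, src, dst):
        # Claim 3: source and destination comparisons must both match.
        return self.covers_client(src) and dst in self.endpoint_ips


class EnforcementPoint:
    def __init__(self, all_endpoint_ips, grace_seconds=3600):
        self.all_endpoint_ips = frozenset(all_endpoint_ips)
        self.grace_seconds = grace_seconds   # claim 9: predetermined period
        self.current, self.prior = [], []
        self.changed_at = None
        self.attack_in_progress = False      # claim 6: check only under attack

    def receive_mapping(self, mappings, now):
        """Install a new mapping; the replaced one becomes the prior mapping."""
        self.prior, self.current = self.current, list(mappings)
        self.changed_at = now

    def check(self, src, dst, now):
        """Return (action, reason) for a packet from src to dst at time now."""
        if not self.attack_in_progress:
            return ("pass", "not-enforcing")
        if any(m.matches(src, dst) for m in self.current):
            return ("pass", "consistent")
        in_grace = (self.changed_at is not None
                    and now - self.changed_at <= self.grace_seconds)
        if in_grace and any(m.matches(src, dst) for m in self.prior):
            return ("pass", "consistent-with-prior")
        mapped = any(m.covers_client(src) for m in self.current)
        if mapped and dst in self.all_endpoint_ips:
            # Amended claim 1: a mapped client is trying to obtain service
            # from an endpoint other than the one selected for it.
            return ("block", "wrong-endpoint")
        return ("log", "unmapped-client")


def demo():
    """Run constructed packets through the check and return the verdicts."""
    ep = EnforcementPoint(["203.0.113.10", "203.0.113.20"])
    client, a, b = "198.51.100.7", "203.0.113.10", "203.0.113.20"
    ep.receive_mapping([Mapping(("198.51.100.0/24",), frozenset({a}))], now=0)
    out = [ep.check(client, b, 10)]          # enforcement off: passes
    ep.attack_in_progress = True
    out.append(ep.check(client, a, 20))      # consistent with mapping
    out.append(ep.check(client, b, 20))      # mapped client, other endpoint
    out.append(ep.check("192.0.2.5", a, 20)) # client absent from mapping
    # Routing changes the mapping during the attack (claims 7 and 11).
    ep.receive_mapping([Mapping(("198.51.100.0/24",), frozenset({b}))], now=1000)
    out.append(ep.check(client, a, 1500))    # prior mapping still in grace
    out.append(ep.check(client, a, 4601))    # grace period has expired
    out.append(ep.check(client, b, 4601))    # updated mapping
    return out


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```
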

Conclusion
    The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
-   Ullmann et al., US 20020174362 A1, a system management framework monitors multiple sources of network packets within the distributed data processing system.
        Any inquiry concerning this communication or earlier communications from the examiner should be directed to MEHULKUMAR J SHAH whose telephone number is (571)272-1072. The examiner can normally be reached Mon-Fri, 6:05 am-3:55 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, TONIA DOLLINGER can be reached on 571-272-4170. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/M.J.S/Examiner, Art Unit 2459              

/George C Neurauter, Jr./Primary Examiner, Art Unit 2459