DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 09/13/2022 has been entered.
 

Response to Amendment
The Amendment filed on 09/13/2022 has been entered. 
Double patenting rejection is maintained.
Claims 1-20 are pending of which claims 1, 8 and 15 are independent claims.

Response to Arguments
Applicant's arguments filed on 09/13/2022 have been fully considered but the arguments are essentially directed towards the newly introduced limitations and they are addressed in this Office Action, below.  

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1-2, 7-8, 10-12 and 14-15 are rejected under the judicially created doctrine of obviousness-type double patenting as being unpatentable over claims 1-2, 4-6 and 10 of U.S. Patent No. 10044673 (hereinafter “PAT673”).  Although the conflicting claims are not identical, they are not patentably distinct from each other because of the following reasons:
Claims 1-2, 4-6 and 10 of PAT673 contain(s) every element of claims 1-2, 7-8, 10-12 and 14-15 of the instant application and the instant claims 1-2, 7-8, 10-12 and 14-15 are a broader version of claims 1-2, 4-6 and 10 of PAT673 and as such anticipate(s) claims 1-2, 7-8, 10-12 and 14-15 of the instant application (see table below). “A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). “ ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
16/853083 (instant application)
10044673

1. A method comprising:






establishing a privatized link between a network node and an origin server by assigning a plurality of network addresses to an origin server and configuring the network node and the origin server to mutually cycle through the plurality of network addresses, 

whereby the network node uses a selected network address of the plurality of network addresses to request content from the origin server; and




in response to an attack on the selected network address, selectively cycling through the plurality of network addresses mutually in the origin server and the network node to use as a new selected network address for requesting content from the origin server by the network node.

1. A method of protecting a website from attack, 
providing a content delivery network (CDN) having a set of content servers (CS) to provide content delivery on behalf of a set of participating content providers, at least one of the set of participating content providers sourcing content for delivery by the CDN from an origin server;
providing a set of private Internet Protocol (IP) addresses assigned to the origin server for communication between the CDN and the origin server;



transmitting a request for content from the CDN to the origin server using a first IP address selected from the set of private IP addresses;

receiving the content at the CDN from the origin server in response to the request for content;
identifying a malicious attack on the first IP address;
in response to identifying the malicious attack, selecting a second IP address from the set of private IP addresses;
subsequent to selecting the second IP address, transmitting a request for additional content from the CDN to the origin server using the second IP address; and

receiving the additional content at the CDN from the origin server in response to the request for additional content.

2. The method of claim 1 further comprising:
the network node comprises a content delivery network; and
sending a content request from the content delivery network to the origin server via the selected network address 
in response to receiving a request for the content that cannot be serviced by data cached at the content delivery network.


1. …providing a content delivery network (CDN) having a set of content servers (CS) … transmitting a request for content from the CDN to
the origin server using a first IP address selected from the set of private IP addresses
 
at least one of the set of participating content providers sourcing content for delivery by the CDN from an origin server
7. The method of claim 4, further comprising the plurality of network addresses include a set of non-contiguous internet protocol (IP) addresses assigned to the origin server as a group.
2. The method of claim 1, wherein the set of private IP addresses is noncontiguous.
8 (refer to claim 1)
5
10
5
11
4
12
10 and 11
14
6
15. A memory device storing instructions that, when executed, cause a processing system to perform a method comprising:
establishing a privatized link between a network node and an origin server by assigning a plurality of network addresses to an origin server and configuring the network node and the origin server to mutually cycle through the plurality of network addresses, whereby the network node uses a selected network address of the plurality of network addresses to request content from the origin server;

in response to an attack on the selected network address, selectively cycling through the plurality of network addresses mutually in the origin server and the network node to use as a new selected network address for requesting content from the origin server by the network node.
10. A method of supplying content to a content delivery network (CDN), comprising:

establishing a communication link between an origin server and the CDN using a first Internet Protocol (IP) address selected for the origin server from a set of private Internet Protocol (IP) addresses assigned to the origin server, the origin server to provide content to the CDN by responding to requests from the CDN directed to the first IP address;
determining that the first IP address is under attack;
in response to determining the first IP address is under attack, selecting a second IP address from the set of private Internet Protocol (IP) addresses assigned to the origin server; and
establishing a communication link between the origin server and the CDN using the second IP address for the origin server, the origin server to provide content to the CDN by responding to requests from the CDN directed to the second IP address.




Claims 1-6, 8, 10-12, 15-16 and 18-19 are rejected under the judicially created doctrine of obviousness-type double patenting as being unpatentable over claims 1, 3, 8-9, 11, 13 and 16 of U.S. Patent No. 10630641 (hereinafter “PAT641”).  Although the conflicting claims are not identical, they are not patentably distinct from each other because of the following reasons:
Claims 1, 3, 8-9, 11, 13 and 16 of PAT641 contain(s) every element of claims 11-6, 8, 10-12, 15-16 and 18-19 of the instant application and the instant claims 1-6, 8, 10-12, 15-16 and 18-19 are a broader version of claims 1, 3, 8-9, 11, 13 and 16 of PAT641 and as such anticipate(s) claims 1-6, 8, 10-12, 15-16 and 18-19 of the instant application (see table below). “A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). “ ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).


16/853083 (instant application)
10630641
1. A method comprising:

establishing a privatized link between a network node and an origin server by assigning a plurality of network addresses to an origin server and configuring the network node and the origin server to mutually cycle through the plurality of network addresses,


whereby the network node uses a selected network address of the plurality of network addresses to request content from the origin server; and

in response to an attack on the selected network address, selectively cycling through the plurality of network addresses mutually in the origin server and the network node to use as a new selected network address for requesting content from the origin server by the network node.

1. A method of operating a content delivery network, the method comprising:
assigning a plurality of network addresses allocated to the content delivery network to an origin to establish a privatized link between the content delivery network and the origin, whereby the content delivery network uses a first network address of the plurality of network addresses as the network address of the origin when requesting content from the origin;
in a content server of the content delivery network, receiving requests for content potentially cached by the content server;

in response to the requests, transmitting origin requests to the origin using the first network address from the plurality of network addresses to obtain the requested content from the origin;
in response to an attack on the first network address, selecting a second network address from the plurality of network addresses based on a predetermined order; and
transmitting subsequent origin requests to the origin using the second network address to obtain the requested content from the origin.
2. The method of claim 1 further comprising:
the network node comprises a content delivery network; and
sending a content request from the content delivery network to the origin server via the selected network address in response to receiving a request for the content that cannot be serviced by data cached at the content delivery network.
1. … content delivery network … in response to the requests, transmitting origin requests to the origin using the first network address from the plurality of network addresses to obtain the requested content from the origin;
3. The method of claim 2 wherein transmitting the origin requests occurs in response to determining that the content cannot be served from the local cache.

3. The method of claim 1 further comprising:
assigning the plurality of network addresses to the origin server from a set of network addresses allocated to the network node.
1. …
assigning a plurality of network addresses allocated to the content delivery network to an origin
4. The method of claim 1 further comprising:
selectively cycling through the plurality of network addresses in a predetermined order.
1. …
selecting a second network address from the plurality of network addresses based on a predetermined order
5. The method of claim 4 further comprising:

the predetermined order is known to both the network node and the origin server; and
selectively cycling through the plurality of network addresses at both the network node and the origin server in response to the attack.
8. The method of claim 7 wherein:
…
the predetermined order is known to both the content delivery network and the origin; and
the content delivery network and the origin each mutually switch to a next predetermined network address from the plurality of network addresses in response to an attack on a current network address for the origin.
6. The method of claim 4, further comprising the predetermined order is a formulaic order.
9. The method of claim 1 wherein the predetermined order is a formulaic order.
8
11
10
11
11
11
12
16
15
11
16
11 and 16
18
11 and 13
19
11



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-5, 8-12 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Afergan et al. (U.S. Publication No.: 2004/0010601, hereinafter Afergan) in view of Larson et al. (Pub. No.: US 2004/0103205, hereinafter Larson).
Regarding claims 1, 8 and 15: Afergan discloses A method comprising:
whereby the network node uses a selected network address of the plurality of network addresses to request content from the origin server (Afergan - [0038]: the managed service provider acquire a new (unpublished) IP address for the site and assign that new IP address to the existing site hardware. The CDN edge servers are then controlled via metadata settings to go the new IP address as needed. As contrasted with the “local” shield approach, the latter technique provides a “remote” shield wherein the origin server is on the Internet but only the managed service provider knows its IP address); 
However, Afergan doesn’t explicitly teach but Larson discloses
establishing a privatized link between a network node and an origin server by assigning a plurality of network addresses to an origin server (Larson - [0023]: a plurality of IP addresses are preassigned to each pair of communicating nodes in the network. [0026]: establishing a secure communication link between a first computer and a second computer over a computer network, such as the Internet … The secure communication link is a virtual private network communication link over the computer network. … the virtual private network can be based on a computer network address hopping regime that is used to pseudorandomly change computer network addresses) and configuring the network node and the origin server to mutually cycle through the plurality of network addresses (Larson - [0023]: Each pair of nodes agrees upon an algorithm for “hopping” between IP addresses (both sending and receiving), such that an eavesdropper sees apparently continuously random IP address pairs (source and destination) for packets transmitted between the pair), 
in response to an attack on the selected network address (Larson - [0021]: IP addresses may be changed in response to attacks), selectively cycling through the plurality of network addresses mutually in the origin server and the network node to use as a new selected network address for requesting content from the origin server by the network node (Larson - [0023]: Each pair of nodes agrees upon an algorithm for “hopping” between IP addresses (both sending and receiving), such that an eavesdropper sees apparently continuously random IP address pairs (source and destination) for packets transmitted between the pair). 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Afergan with Larson so that a secure communication link is established based on IP addresses and the IP address is selected based on shared algorithm in response to attack. The modification would have allowed the system to enhance security. 
Regarding claims 2 and 9: Afergan as modified discloses further comprising:
the network node comprises a content delivery network (Afergan - [0038]: The CDN edge servers); and
sending a content request from the content delivery network to the origin server via the selected network address (Afergan - [0024]: establishes a connection to another content server or an origin server to attempt to retrieve the requested object. See also [0008] for Internet Protocol (IP) address) in response to receiving a request for the content that cannot be serviced by data cached at the content delivery network (Afergan - [0024]: determines whether the requested object is present in the hot object cache or the disk storage. establishes a connection to another content server or an origin server to attempt to retrieve the requested object upon a cache miss).
Regarding claim 3 and 10: Afergan as modified discloses further comprising:
assigning the plurality of network addresses to the origin server from a set of network addresses allocated to the network node (Larson - [0031]: blocks of IP addresses are allocated to each node in the network. (This scalability will increase in the future, when Internet Protocol addresses are increased to 128-bit fields, vastly increasing the number of distinctly addressable nodes). Each node can thus use any of the IP addresses assigned to that node to communicate with other nodes in the network. Indeed, each pair of communicating nodes can use a plurality of source IP addresses and destination IP addresses for communicating with each other).
The reason to combine is similar as claim 1.
Regarding claims 4 and 11: Afergan as modified discloses further comprising:
selectively cycling through the plurality of network addresses in a predetermined order (Larson - [0023]: Each pair of nodes agrees upon an algorithm for “hopping” between IP addresses (both sending and receiving), such that an eavesdropper sees apparently continuously random IP address pairs (source and destination) for packets transmitted between the pair).
The reason to combine is similar as claim 1.
Regarding claims 5, 12 and 16: Afergan as modified discloses further comprising:
the predetermined order is known to both the network node and the origin server (Larson - [0132]: Each communicating pair of nodes in a chain participating in any session stores two blocks of IP addresses, called netblocks, and an algorithm and randomization seed for selecting, from each netblock, the next pair of source/destination IP addresses that will be used to transmit the next message. See also [0129]); and selectively cycling through the plurality of network addresses at both the network node and the origin server in response to the attack (Larson - [0021]: IP addresses may be changed in response to attacks. [0023]: Each pair of nodes agrees upon an algorithm for “hopping” between IP addresses (both sending and receiving), such that an eavesdropper sees apparently continuously random IP address pairs (source and destination) for packets transmitted between the pair).
The reason to combine is similar as claim 1.

Claims 6 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Afergan et al. (U.S. Publication No.: 2004/0010601, hereinafter Afergan) in view of Larson et al. (Pub. No.: US 2004/0103205, hereinafter Larson) and Huang et al. (CN1707957A, hereinafter Huang).
Regarding claim 6 and 13: Afergan as modified doesn’t explicitly teach but Huang discloses further comprising the predetermined order is a formulaic order (Huang - [Page 6, Line 38-40]: Store address=initial address-[((k-1) * I)+t-1]).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Afergan, Larson with Huang so that the order of address can be arranged and selected using formula. 

Claims 7, 14 are rejected under 35 U.S.C. 103 as being unpatentable over Afergan et al. (U.S. Publication No.: 2004/0010601, hereinafter Afergan) in view of Larson et al. (Pub. No.: US 2004/0103205, hereinafter Larson) and Singhal (Patent No.: US 8,464,334).
Regarding claim 7, 14: Afergan as modified doesn’t explicitly teach but Singhal discloses further comprising the plurality of network addresses include a set of non-contiguous internet protocol (IP) addresses assigned to the origin server as a group (Singhal - [Col. 7, Line 8-11]: As illustrated in FIG. 4, RIP Sec 30 function A in the border routers 18 and 20 creates a plurality of random order IP address lists 12. These lists 12 may be created in any number of ways by randomly ordering a large subset of IP addresses).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Afergan and Larson with Singhal so that a set of IP addresses is non-contiguous. The modification would have allowed the system to create a large subset of IP addresses in random order (Singhal - [Col. 7, Line 10-11]).

Claims 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Afergan et al. (U.S. Publication No.: 2004/0010601, hereinafter Afergan) in view of Larson et al. (Pub. No.: US 2004/0103205, hereinafter Larson) and Krischer et al. (Pub. No.: US 2015/0042792, hereinafter Krischer).
Regarding claim 17: Afergan as modified doesn’t explicitly teach but Krischer discloses cause the processing system to perform the method further comprising:
returning to a first selected network address from the plurality of network addresses once the attack has stopped (Krischer - [0023]: the logic in AP 104 is further operable to take corrective action. For example, the logic in AP 104 selectively re-allocates IP addresses previously assigned to the device 102 (for example return them to the available address pool and/or re-assign them to other devices))..
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Afergan and Larson with Krischer so that the previous addresses can be returned to the available pool and re-assign to devices (Krischer - [0023]). 
Regarding claim 18: Afergan as modified discloses cause the processing system to perform the method further comprising:
the network node comprises a content delivery network (Afergan - [0038]: The CDN edge servers); and
sending a content request from the content delivery network to the origin server via the selected network address (Afergan - [0024]: establishes a connection to another content server or an origin server to attempt to retrieve the requested object. See also [0008] for Internet Protocol (IP) address) in response to receiving a request for the content that cannot be serviced by data cached at the content delivery network (Afergan - [0024]: determines whether the requested object is present in the hot object cache or the disk storage. establishes a connection to another content server or an origin server to attempt to retrieve the requested object upon a cache miss).

Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Afergan et al. (U.S. Publication No.: 2004/0010601, hereinafter Afergan) in view of Larson et al. (Pub. No.: US 2004/0103205, hereinafter Larson) and Krischer et al. (Pub. No.: US 2015/0042792, hereinafter Krischer).
Regarding claim 19: Afergan as modified discloses when executed, cause the processing system to perform the method further comprising:
assigning the plurality of network addresses to the origin server from a set of network addresses allocated to the network node (Larson - [0031]: blocks of IP addresses are allocated to each node in the network. (This scalability will increase in the future, when Internet Protocol addresses are increased to 128-bit fields, vastly increasing the number of distinctly addressable nodes). Each node can thus use any of the IP addresses assigned to that node to communicate with other nodes in the network. Indeed, each pair of communicating nodes can use a plurality of source IP addresses and destination IP addresses for communicating with each other).
The reason to combine is similar as claim 15.

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Afergan et al. (U.S. Publication No.: 2004/0010601, hereinafter Afergan) in view of Larson et al. (Pub. No.: US 2004/0103205, hereinafter Larson), Krischer et al. (Pub. No.: US 2015/0042792, hereinafter Krischer) and Singhal (Patent No.: US 8,464,334).
Regarding claim 20: Afergan as modified doesn’t explicitly teach but Singhal discloses wherein the plurality of network addresses include a set of non-contiguous internet protocol (IP) addresses assigned to the origin server as a group (Singhal - [Col. 7, Line 8-11]: As illustrated in FIG. 4, RIP Sec 30 function A in the border routers 18 and 20 creates a plurality of random order IP address lists 12. These lists 12 may be created in any number of ways by randomly ordering a large subset of IP addresses).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Afergan, Larson and Krischer with Singhal so that a set of IP addresses is non-contiguous. The modification would have allowed the system to create a large subset of IP addresses in random order (Singhal - [Col. 7, Line 10-11]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Ogata (Pub. No.: US 2012/0191836) - Ip address managing method, program thereof, network communication device
Steiner et al. (Pub. No.: US 2015/0281331) - Server initiated multipath content delivery
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG LI whose telephone number is (571)272-8729.  The examiner can normally be reached on M-F 8:30-5:30.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Ali Abyaneh can be reached on (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8729.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MENG LI/
Primary Examiner, Art Unit 2437