DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s argument, see Remarks, filed 07/28/2022, with respect to the rejection(s) of claims 9- 16 and 17-20 under 35 USC § 101 have been fully considered and the amendments overcome the rejections, therefore the rejections of the claims under 35 USC § 101 have been withdrawn.
The amendments to overcome the rejections of independent claims 1, 9 and 17 under 35 USC § 103 have been fully considered but are but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-16 are rejected under 35 U.S.C. 103 as being unpatentable over USPAT No. 7,155,500 B2 to Nikander, and further in view of USPAT No. 9,100,433 B2 to Takazoe 
Regarding claim 1:
Nikander discloses: 
A method of detecting a duplicate address attack in a computing network (col 4, lines 43-45: “…  a method of avoiding the duplication of IP addresses in an IP network when a new host attaches to the network.”), the method comprising: 
transferring a first address conflict check message (¶23: “sending a neighbor solicitation message from the new host to other hosts already attached to the access network.”); 
receiving a first address conflict check response message (col 4, lines 52-54: “receiving a neighbor advertisement message at the new host from each other host claiming to own said IP address”);
in response to receiving the first address conflict check response message, performing intelligent Duplicate Address Detection (DAD) to determine if the duplicate address attack is detected (col 4, lines 59-67 to col 5, lines 1-2: “for each received neighbour advertisement message … combining the component(s) and/or derivatives of the component(s) using said coding function; and … comparing the result or a derivative of the result against the interface identifier part of the IP address, wherein if the result or the derivative matches the interface identifier the host from which the neighbour advertisement message is received is assumed to be authorized to use the IP address and if the result or its derivative does not match the interface identifier that host is assumed not to be authorised to use the IP address.”, col 6, lines 11-12: “FIG. 2 is a flow diagram showing a Duplicate Address Detection process…”), wherein the intelligent DAD comprises:
transferring at least one subsequent address conflict check message (col 5, lines 29-30: “sending a challenge to the host using said IP address as the destination address for the challenge”, Figure 3: “Verifier creates challenge and sends challenge to claimant at claimed Ip address”), wherein at least one of the at least one subsequent address conflict check message includes a secure random interface identifier (SRIID) (col 5, lines 37-39: “… said challenge is constructed by applying a one-way coding function to said IP address concatenated with a randomly generated number.”, col 13, lines 53-54: “… the random number is combined with the interface identifier to be verified …”, col 8, line 60: “Interface identifier:=  HASH (random|public key)”), wherein use of the SRIID is randomized (¶col 13, lines 53-56: “… the random number is combined with the interface identifier to be verified and the components, thereby allowing the same random number to be used repeatedly.”); 
if an address conflict check response message is received in response to a subsequent address conflict check request message including the SRIID, then the duplicate address attack is detected (col 4, lines 59-67 to col 5, lines 1-2: “for each received neighbour advertisement message … comparing the result or a derivative of the result against the interface identifier part of the IP address. … if the result or its derivative does not match the interface identifier that host is assumed not to be authorised to use the IP address.”); 
However, Nikander does not disclose the following limitation taught bt Takazoe: 
and if the duplicate address attack is detected (Takazoe, col 3, lines 10-17: “…  in a case where the terminal device transmits a message for detecting a duplicate address of an interface ID … and in a case where the interface ID included in the communication packet transmitted from the terminal device does not coincide with the interface ID stored in the storage …”), then reporting the duplicate address attack (Takazoe, col 3, lines 10-12: “… the terminal device transmits a message for detecting a duplicate address of an interface ID …”) to a monitoring server (Takazoe, Fig. 2: “controller 11”) (Takazoe, col 6, lines 43-45: “… the controller 11 functions as controller for monitoring and blocking an unauthorized IPv6 packet.”) and blocking a host associated with the duplicate address attack (Takazoe, col 3, lines 21-22: “… the controller blocks the communication packet.”).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of Nikander to incorporate the functionality of the controller for monitoring and blocking an unauthorized IPv6 packet, as disclosed by Takazoe, such modification would protect the system from denial of service attack by monitoring and blocking malicious activities that try to block a host from getting an IP address.
Regarding claim 2:
The combination Nikander and Takazoe discloses: 
The method of claim 1, wherein performing the intelligent Duplicate Address Detection (DAD) further comprises: 
ignoring subsequent address conflict check response messages transferred from a host associated with the first address conflict check response message (Nikander col 12, lines 18-22: “… the attacker can now claim again to own the interface identifier, this time by simply replaying the NA which revealed H.sub.1. The rightful owner blocks this replay attack by revealing the previous H.sub.i value in the hash series.”, and see also Figure 2 and Figure 3 for the steps of performing duplicate address detection). 
Regarding claim 3:
The combination Nikander and Takazoe discloses:
The method of claim 2, wherein transferring the at least one subsequent address conflict check message further comprises: 
transferring the at least one subsequent address conflict check message configured to include the SRIID and a secret MAC address (Nikander, col 1, lines 40-43: “… The host may additionally use a link layer address to generate the interface identifier, the link layer address being for example a MAC layer address used by the access network.”, and col 13, lines 50-52: “Once the verifier has checked the interface identifier and the components, it sends a challenge to the address being verified.”).  
Regarding claim 4:
The combination Nikander and Takazoe discloses: 
The method of claim 2, further comprising: 
blocking the host associated with the address conflict check response message received in response to a subsequent address conflict check message including the SRIID (Nikander, col 4, line 67 to col 5, lines 1-2: “…  if the result, or its derivative, does not match the interface identifier that host is assumed not to be authorised to use the IP address.”, and see also Figure 3 “Verifier rejects message”).   
Regarding claim 5:
The combination Nikander and Takazoe discloses:
The method of claim 1, wherein the computing network comprises a wireless network (see Nikander col 1, lines 23-26: “MobileIP will be used in particular by those accessing the Internet via wireless mobile devices (connected … to wireless LANs and cellular telephone networks)”).  
Regarding claim 6:
The combination Nikander and Takazoe discloses:
The method of claim 1, wherein the computing network comprises multi-link subnets (see Nikander col 14, lines 59-62: “In the other scenario, the attacker and the actual generator of the components are on different links. Therefore, they will have different routing prefixes. … the original node and the attacker have different routable addresses …”).  
Regarding claim 7:
The combination Nikander and Takazoe discloses:
The method of claim 1, wherein the first address conflict check message comprises a multicast Neighbor Solicitation (NS) message, and wherein the first address conflict check response message comprises a multicast Neighbor Advertisement (NA) message (Nikander col 1, lines 49-58: “Once a host has generated a potential IP address, it sends a neighbour solicitation message … to the local link if the local link provides for local broadcast or multicast. ... If a host receiving the message recognizes the IP address … that host responds by sending to the soliciting host a neighbour advertisement.”).  
Regarding claim 8:
The combination Nikander and Takazoe discloses:
The method of claim 1 wherein the monitoring server comprises a System Log (SysLog) server (Takazoe, Fig. 2, “Storage unit 12”) (Takazoe, col 6, lines 5-10: “The storage unit 12 captures the information which the wireless terminal device 2 or the terminal device 4 communicates through the communication control apparatus 1, and stores various pieces of information including the prefix information, which are as shown in FIG. 3”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of Nikander to incorporate the functionality of the controller for monitoring and blocking an unauthorized IPv6 packet, as disclosed by Takazoe, such modification would protect the system from denial of service attack by monitoring and blocking malicious activities that try to block a host from getting an IP address.
Regarding claim 9:
Nikander discloses:
A system to detect a duplicate address attack in a computing network (col 6, lines 11-12: “… a Duplicate Address Detection process in the network of FIG. 1”), wherein the system comprises hardware components (see Figure 1 for hardware components, col 6, lines 20-22: “… a number of user terminals or hosts 1 to 4 are coupled to the Internet 5. Hosts 1 to 3 are coupled to the Internet 5 via an access node 6 of an access network 7.”), the system comprising: 
an intelligent Duplicate Address Detection (DAD) host (col 4, line 44: “… a new host …”) (col 4, lines 43-45: “… avoiding the duplication of IP addresses in an IP network when a new host attaches to the network.”, col 4, line 46-: “generating an Interface Identifier at the new host …”), wherein the intelligent DAD host comprises: 
a communication interface (col 1, line 35: “… access interface …”) configured to transfer a first address conflict check message (col 4, lines 52-54: “sending a neighbor solicitation message from the new host to other hosts already attached to the access network.”); 
the communication interface configured to receive a first address conflict check response 
message (col 4, lines 55-57: “receiving a neighbor advertisement message at the new host from each other host claiming to own said IP address”);  
in response to receiving the first address conflict check response message a processor configured to perform intelligent Duplicate Address Detection (DAD) (col 4, lines 59-67 to col 5, lines 1-2: “for each received neighbour advertisement message … combining the component(s) and/or derivatives of the component(s) using said coding function; and … comparing the result or a derivative of the result against the interface identifier part of the IP address, wherein if the result or the derivative matches the interface identifier the host from which the neighbour advertisement message is received is assumed to be authorized to use the IP address and if the result or its derivative does not match the interface identifier that host is assumed not to be authorised to use the IP address.”, col 6, lines 11-12: “FIG. 2 is a flow diagram showing a Duplicate Address Detection process…”), wherein the intelligent DAD comprises: 
transferring at least one subsequent address conflict check message (col 5, lines 29-30: “sending a challenge to the host using said IP address as the destination address for the challenge”, Figure 3: “Verifier creates challenge and sends challenge to claimant at claimed Ip address”), wherein at least one of the at least one subsequent address conflict check message includes a secure random interface identifier (SRIID) (col 5, lines 37-39: “… said challenge is constructed by applying a one-way coding function to said IP address concatenated with a randomly generated number.”, col 13, lines 53-54: “… the random number is combined with the interface identifier to be verified …”, ¶65: “Interface identifier:=  HASH (random|public key)”), wherein use of the SRIID is randomized (col 13, lines 53-56: “… the random number is combined with the interface identifier to be verified and the components, thereby allowing the same random number to be used repeatedly.”); 
if an address conflict check response message is received in response to a subsequent address conflict check request message including the SRIID, then the duplicate address attack is detected col 4, lines 59-67 to col 5 lines 1-2: “for each received neighbour advertisement message …comparing the result or a derivative of the result against the interface identifier part of the IP address. … if the result or its derivative does not match the interface identifier that host is assumed not to be authorised to use the IP address.”); and 
if the duplicate address attack is detected (col 4, line 67 to col 5, line 1: “… if the result or its derivative does not match the interface identifier …”), then the communication interface configured to:
Nikander does not disclose the following limitation taught by Takazoe:
 report the duplicate address attack (Takazoe, col 3, lines 10-12: “… the terminal device transmits a message for detecting a duplicate address of an interface ID …”) to a monitoring server (Takazoe, Fig. 2: “controller 11”) (Takazoe, col 6, lines 43-45: “… the controller 11 functions as controller for monitoring and blocking an unauthorized IPv6 packet.”) and block a host associated with the duplicate address attack (Takazoe, col 3, lines 21-22: “… the controller blocks the communication packet.”).
a monitoring server (Takazoe, Fig. 2: “controller 11”) (Takazoe, col 6, lines 43-45: “… the controller 11 functions as controller for monitoring and blocking an unauthorized IPv6 packet.”);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of Nikander to incorporate the functionality of the controller for monitoring and blocking an unauthorized IPv6 packet, as disclosed by Takazoe, such modification would protect the system from denial of service attack by monitoring and blocking malicious activities that try to block a host from getting an IP address.
Regarding claim 10:
The combination of Nikander and Takazoe discloses:
The system of claim 9, further comprising: 
an intelligent switch configured to blocking subsequent address conflict check response messages transferred from a host associated with the first address conflict check response message (Nikander col 12, lines 18-22: “… the attacker can now claim again to own the interface identifier, this time by simply replaying the NA which revealed H.sub.1. The rightful owner blocks this replay attack by revealing the previous H.sub.i value in the hash series.”, and see also Figure 2 and Figure 3 for the steps of performing duplicate address detection).  
Regarding claim 11:
The combination of Nikander and Takazoe discloses:
The system of claim 10, further comprising: 
the communication interface configured to transfer the subsequent address conflict check message, wherein the subsequent address conflict check message is configured to include the SRTTD and a secret MAC address (Nikander, col 1, lines 40-43: “… The host may additionally use a link layer address to generate the interface identifier, the link layer address being for example a MAC layer address used by the access network.”, and col 13, lines 50-52: “Once the verifier has checked the interface identifier and the components, it sends a challenge to the address being verified.”).  
Regarding claim 12:
The combination of Nikander and Takazoe discloses:
The system of claim 9, wherein the computing network comprises a wireless network (see Nikander col 1, lines 23-26: “MobileIP will be used in particular by those accessing the Internet via wireless mobile devices (connected … to wireless LANs and cellular telephone networks)”).  
Regarding claim 13:
The combination of Nikander and Takazoe discloses:
The system of claim 9, wherein the computing network comprises multi-link subnets (see Nikander col 14, lines 59-62: “In the other scenario, the attacker and the actual generator of the components are on different links. Therefore, they will have different routing prefixes. … the original node and the attacker have different routable addresses …”).  
Regarding claim 14:
The combination of Nikander and Takazoe discloses:
The system of claim 9, wherein the first address conflict check message comprises a multicast Neighbor Solicitation (NS) message (Nikander 1, lines 49-53: “Once a host has generated a potential IP address, it sends a neighbour solicitation message … to the local link if the local link provides for local broadcast or multicast. ...”).  
Regarding claim 15:
The combination of Nikander and Takazoe discloses:
The system of claim 9, wherein the first address conflict check response message comprises a Neighbor Advertisement (NA) message message (Nikander col 1, lines 55-58: “... If a host receiving the message recognizes the IP address … that host responds by sending to the soliciting host a neighbour advertisement.”).  
Regarding claim 16:
The combination of Nikander and Takazoe discloses:
The system of claim 9, wherein the monitoring server comprises a System Log (SysLog) server (Takazoe, Fig. 2, “Storage unit 12”) (Takazoe, col 6, lines 5-10: “The storage unit 12 captures the information which the wireless terminal device 2 or the terminal device 4 communicates through the communication control apparatus 1, and stores various pieces of information including the prefix information, which are as shown in FIG. 3”).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of Nikander to incorporate the functionality of the controller for monitoring and blocking an unauthorized IPv6 packet, as disclosed by Takazoe, such modification would protect the system from denial of service attack by monitoring and blocking malicious activities that try to block a host from getting an IP address.
Claims 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Nikander in view of Takazoe, and further in view of USPAT No. 10,063,675 B1 to Thomas et al. (hereinafter “Thomas”), 
Regarding claim 17:
Nikander discloses:
An intelligent switch (col 13, line 42: “The verifier …”) to detect a duplicate address detection attack (see Figure 3 where verifier functions as an intelligent switch, “verifier creates challenge and sends challenge to claimant … verifier receives response … verifier rejects message or verifier accepts claim”) in a computing network, 
a communication interface (col 1, line 35: “… access interface …”) configured to detect a Neighbor Advertisement (NA) message (col 4, lines 55-57: “receiving a neighbor advertisement message at the new host from each other host claiming to own said IP address …”); 
a processor configured to determine the NA message contains a secret Random Interface Identifier (SRIID) (Nikander, col 4, lines 62-63: “comparing the result or a derivative of the result against the interface identifier part of the IP address …”, col 6, lines 11-12: “FIG. 2 is a flow diagram showing a Duplicate Address Detection process…”), and
in response to determining the NA message contains the SRIID, the processor configured to determine an IP address associated with the NA message (Nikander, col 4, lines 55-57: “receiving a neighbour advertisement message at the new host from each other host claiming to own said IP address”), and the communication interface configured to block all subsequent NA messages from the determined IP address (Nikander col 4, line 67 to col 5, lines 1-2: “…  if the result, or its derivative, does not match the interface identifier that host is assumed not to be authorized to use the IP address.”, and see also Figure 3 “Verifier rejects message”)
However, Nikander does not explicitly disclose the following limitation taught by Takazoe: 
report the duplicate address detection attack (Takazoe, col 3, lines 10-12: “… the terminal device transmits a message for detecting a duplicate address of an interface ID …”) to a monitoring server (Takazoe, Fig. 2: “controller 11”) (Takazoe, col 6, lines 43-45: “… the controller 11 functions as controller for monitoring and blocking an unauthorized IPv6 packet.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of Nikander to incorporate the functionality of the controller for monitoring and blocking an unauthorized IPv6 packet, as disclosed by Takazoe, such modification would protect the system from denial of service attack by monitoring and blocking malicious activities that try to block a host from getting an IP address.
However, the combination of Nikander and Takazoe does not explicitly disclose the following limitations taught by Thomas: 
wherein the intelligent switch comprises a physical switch (Thomas, col 2, line 33: “… (IRB) device …”, col 2, lines 48-52“… the IRB device may perform duplicate address detection to determine whether any host devices, connected to the IRB device via the initial layer 2 interface, use the same network address (e.g., Internet protocol (IP) address) that the IRB device uses for the layer 3 interface.”), 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of the combination of Nikander and Takazoe to incorporate the functionality of the integrated routing and bridging (IRB) device to perform duplicate address detection, as disclosed by Thomas, such modification would provide the system to realize the duplication address detection method and selectively maintain or reject address requests based on performing duplicate address detection. 
Regarding claim 18:
The combination of Nikander, Takazoe and Thomas, discloses:
The intelligent switch of claim 17, further configured to: 
pass the NA message containing the SRIID to a host that transmitted a Neighbor Solicitation (NS) message that the NA message is in response to (Nikander col 10, lines 63-65: “… reception of a Neighbor Advertisement packet claiming that some other node already "owns" the identifier.”); or 
block the NA message containing the SRIID (Nikander col 4, line 67 to col 5, lines 1-2: “…  if the result, or its derivative, does not match the interface identifier that host is assumed not to be authorized to use the IP address.”, and see also Figure 3 “Verifier rejects message”).  
Regarding claim 19:
The combination of Nikander, Takazoe and Thomas, discloses:
The intelligent switch of claim 17, wherein in response to determining the NA message contains the SRIID, the communication interface is further configured to block subsequent data packets from a MAC address associated with the NA message containing the SRIID (Nikander, col 1, lines 40-43: “… The host may additionally use a link layer address to generate the interface identifier, the link layer address being for example a MAC layer address used by the access network.”, and col 13, lines 50-52: “Once the verifier has checked the interface identifier …, it sends a challenge to the address being verified.”, col 4, lines 62-67 to col 5, lines 1-2: “comparing the result or a derivative of the result against the interface identifier part of the IP address. … if the result or its derivative does not match the interface identifier that host is assumed not to be authorised to use the IP address.”).  
Regarding claim 20: 
The combination of Nikander, Takazoe and Thomas discloses: 
The intelligent switch of claim 17, wherein in response to determining the NA message contains the SRIID, the communication interface is further configured to block a port over which the NA message containing the SRIID was received (Nikander, col 4, line 67 to col 5, lines 1-2: “…  if the result, or its derivative, does not match the interface identifier that host is assumed not to be authorised to use the IP address.”, and see also Figure 3 “Verifier rejects message”).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 
Yun et al.  (US-PGPUB No. 20050271032-A1)- disclosed an address providing method comprising: (a) generating an address that can be used in communication through every one of multiple interfaces based on information regarding a predetermined interface amount the multiple interfaces complying with different communication standards; and (b) transmitting the address generated in (a) to a mobile station in which the multiple interfaces are loaded.
Christenson et al.  (US-PGPUB No. 2013/0166737-A1)- disclosed a method, system and computer program product for detecting duplicate IP addresses. The method, system and computer program product include identifying a list of DHCP clients that have valid IP address leases from one or more DHCP servers.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHIAS HABTEGEORGIS whose telephone number is (571)272-1916. The examiner can normally be reached M-F 8am-5pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok B Patel can be reached on (571)272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/M.H./Examiner, Art Unit 2491                                                                                                                                                                                                        
/DANIEL B POTRATZ/Primary Examiner, Art Unit 2491