Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. This is in reply to papers filed on 07/21/2021. Claims 1-20 are pending. Claims 1, 8, and 15 are independent.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 4/21/2021 and 7/21/2021 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.

	
	
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-4, 7-11, 14-16, and 18-19 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 11,019,100 (U.S. Patent Application No. 16/207,423) in view of Agasaveeran et al. U.S. Patent No. 7484011 (hereinafter “Agasaveeran”). Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of U.S. Patent No. 11,019,100 render obvious the claims of the present application. Claims 1-20 of U.S. Patent No. 11,019,100 contain most elements of claim 1 of the instant application, except the features of an application request to access an application and the registry storing application requests from handshake requests across a plurality of computing devices.
Agasaveeran at 1:33 teaches HTTP commands in connection requests for operating Web servers. Furthermore, Agasaveeran at 6:42-46 teaches providing a connection database to store information about connection requests and associated HTTP connection outcomes, multiple requestors 3:5, requestor (e.g., client 165) 8:17, and client computer systems 7:35-56.
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the method recited in claim 1 of U.S. Patent No. 11,019,100 to include
receiving, by a computing device, a handshake request to establish a connection for an application request to access an application;
identifying, by a computing device prior to one of rejecting or accepting the application request, that the application request is stored in a registry, the registry storing application requests from handshake requests across a plurality of computing devices,
as taught by Agasaveeran, in order to improve the ability of the system to store the connection requests, and to determine whether there are repeats of connection requests indicating a replay attack. In addition, claims 1-20 of U.S. Patent No. 11,019,100 contain every element of claims 2-4, 7, 9-11, 14, 16, 18, and 19. Regarding the other independent claims, Agasaveeran discloses “A system comprising: one or more processors, coupled to memory and configured to:” at 14:26-43. Agasaveeran discloses “A non-transitory computer readable medium storing program instructions for causing one or more processors to:” at 14:48-66.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-7 and 16-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.
Claim 1 recites “identifying, by a computing device prior to.” However, it is unclear whether “a computing device” refers to the computing device previously introduced or to a new computing device.
Claims 2-7 inherit the limitations of claim 1 and are also rejected for the same reasons.
Claim 16 recites “wherein the program instructions further cause the one or more processors to accept the handshake request to establish the connection while rejecting the application request.” However, there is no antecedent basis for the program instructions, the one or more processors, the handshake request, the connection, and the application request.
Claim 18 recites “the registry.” However, there is no antecedent basis for the registry.
Claim 20 recites “wherein the plurality of computing devices record to the registry at least each respective application request of the handshake requests.” However, there is no antecedent basis for the plurality of computing devices, the registry, and the handshake requests. 
Claims 17 and 19 inherit the limitations of claim 16 and are also rejected for the same reasons. Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA 35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA 35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

Claim 16 is rejected under 35 U.S.C. 112(d) or pre-AIA 35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends. Claim 16 depends from claim 16, and cannot further limit the subject matter of itself. Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements. For compact prosecution, claim 16 is interpreted as depending from claim 15, since there appears to be a typographical error in claim 16 for the claim dependency.
Claim 17 is rejected under 35 U.S.C. 112(d) or pre-AIA 35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends. Claim 17 recites “wherein the program instructions further cause the one or more processors to one of reject or drop the handshake request responsive to determining to reject the application request”. However, claim 17 depends from claim 16 which recites “accept the handshake request”, thereby contradicting claim 16, and does not further limit the subject matter of claim 16. Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.



Claim Rejections - 35 USC § 103
	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
	
	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

	
Claims 1, 4, 7-8, 11, 14-16, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Agasaveeran et al. U.S. Patent No. 7484011 (hereinafter “Agasaveeran”) in view of Berger et al. U.S. Patent No. 5850446 (hereinafter “Berger”).
As per claim 1, Agasaveeran discloses 
A method [method for filtering HTTP server connections 3:39-41] comprising: 
receiving, by a computing device, a handshake request to establish a connection [receive connection request 5:29-30] for an application request [connection request has an application layer connection component, 5:30-31] to access an application [HTTP commands for operating Web servers, 1:33]; (See Agasaveeran 8:41-42 The connection requests are, for example, HTTP or HTTPS requests.)

Agasaveeran also discloses storing application requests [6:42-46] from multiple computing devices [requestors 3:57; requestor (e.g., client 165) 8:17; client computer systems 7:35-56], detecting attacks, and rejecting requests based on information from application request database [5:1-8].
Agasaveeran 5:15-53 (21) The connection database stores information about connection requests and application layer component outcomes. The system proceeds with an application layer connection if the throttle filter allows the transport layer component. The controller adds data about the application layer connection to the connection database ….the server connection is an HTTP server connection where the application layer connection component is an HTTP connection component and the transport layer connection component is a TCP connection component.

Agasaveeran 11:12-13 blocking requests from illegitimate requestors

Agasaveeran 5:1-8 the list of connection request characteristics is a list of connection requestor IP addresses to be blocked as indicated by data from the connection database. In another arrangement, the list of connection request characteristics is a list of connection requestor port numbers in addition to IP addresses to be blocked as indicated by data from the connection database.

Agasaveeran 6:42-46 embedded system provides a connection database to store information about connection requests and associated HTTP connection outcomes.


	However, Agasaveeran does not expressly disclose 
identifying, by a computing device prior to one of rejecting or accepting the application request, that the application request is stored in a registry, the registry storing application requests from handshake requests across a plurality of computing devices and 
determining, by the computing device, to reject the application request responsive to identifying that the application request is stored in the registry.  

Berger discloses rejecting requests [thwart replay attacks 131:43] if the request is found in a database [still logged in the Gateway database 130:54-64], otherwise accepting the request [logon accepted, 62:26]
(Berger 132:23-26 ‘vPOS sends a request to the Gateway, the Gateway logs the SET key fields from the incoming attempt in the database.’
Berger 132:43-45 ‘The Gateway must handle replay attacks as outlined previously in this document. If the Gateway receives a request that it has already received from vPOS there could be several possible dispositions:’
[multiple gateways are disclosed, see 4:45, 64:50, 66:30-31 gateways]
Berger 130:54-64 ‘Gateway Analysis for SET Message Handling
Replay Attack Handling
A replay attack at the Gateway is a request where either:
a) the request is stale…….
b) the request is not stale but the exact rrpid (Request/Response Pair Id) has already been seen before in a request and still logged in the Gateway database. The <xid, mid, rrpid> tuple will be the primary key that determine whether a request had already been received.’
Berger 121:43-53 ‘FIG. 21……a multithreaded gateway engine…... The encrypted SET request is received at a decryptor 2120, …… Inside the forward converter 2124, decides if the request is an original request, and honest retry attempt or a replay attack.’
Berger 62:24-29 ‘In response to the logon request message from a vPOS, the Gateway may respond with a "logon accepted" message 1894, as depicted in FIG. 18E, which vPOS, upon receipt and authentication, then uses to unlock the terminal for that user.’
[The replay attack techniques taught in the Berger reference (e.g., at 132:1-17) are applicable to all the SET requests… which discloses application requests…]).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Agasaveeran with the technique of Berger to thwart replay attacks by detecting repeated requests already found in a database, to include
identifying, by a computing device prior to one of rejecting or accepting the application request, that the application request is stored in a registry, the registry storing application requests from handshake requests across a plurality of computing devices and 
determining, by the computing device, to reject the application request responsive to identifying that the application request is stored in the registry.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to detect and reject requests that are actually replay attacks. The system of the primary reference can be modified to utilize the connection requests that are stored in the database to detect replay attacks, and to reject or accept the connection requests based on the detection of replay attacks.
As per claim 4, the rejection of claim 1 is incorporated herein. 
Agasaveeran discloses 
accepting the handshake request to establish the connection while rejecting the application request.  
Agasaveeran 2:36-38 An HTTP server may reject an HTTP connection with or without an error response after the associated TCP connection is established.
Agasaveeran 2:18-19 TCP is a transport layer protocol and HTTP is an application layer protocol.
Agasaveeran 4:38-41 the connection request is an HTTP request where the application layer component is an HTTP connection component and the transport layer component is a TCP connection component.

As per claim 7, the rejection of claim 1 is incorporated herein. 
Agasaveeran discloses an application layer component of a received connection request
Agasaveeran 5:15-53 (21) The connection database stores information about connection requests and application layer component outcomes. The system proceeds with an application layer connection if the throttle filter allows the transport layer component. The controller adds data about the application layer connection to the connection database ….the server connection is an HTTP server connection where the application layer connection component is an HTTP connection component and the transport layer connection component is a TCP connection component. 

	However, Agasaveeran does not expressly disclose 
querying, by the computing device, the registry for the application request of the handshake request.  
Berger discloses querying a database to determine whether the request currently received has already been previously received
(Berger 132:43-45 ‘The Gateway must handle replay attacks as outlined previously in this document. If the Gateway receives a request that it has already received from vPOS there could be several possible dispositions:’
Berger 130:54-64 ‘Gateway Analysis for SET Message Handling
Replay Attack Handling
A replay attack at the Gateway is a request where either:
a) the request is stale…….
b) the request is not stale but the exact rrpid (Request/Response Pair Id) has already been seen before in a request and still logged in the Gateway database. The <xid, mid, rrpid> tuple will be the primary key that determine whether a request had already been received.’
Berger 121:43-53 ‘FIG. 21……a multithreaded gateway engine…... The encrypted SET request is received at a decryptor 2120, …… Inside the forward converter 2124, decides if the request is an original request, and honest retry attempt or a replay attack.’).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Agasaveeran with the technique for querying a database to determine whether the request currently received has already been previously received of Berger to include querying, by the computing device, the registry for the application request of the handshake request.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to detect and reject requests that are actually replay attacks. The system of the primary reference can be modified to utilize the connection requests that are stored in the database to detect repeats of requests which are replay attacks, and to reject or accept the connection requests based on the detection of replay attacks.

As per claim 8, the claim is directed to a system with limitations which correspond to limitations of claim 1, and is rejected for the reasons detailed with respect to claim 1.
Claim 8 also recites A system comprising: one or more processors, coupled to memory and configured to:
Agasaveeran discloses A system comprising: one or more processors, coupled to memory and configured to:
14:26-43 (52) Other embodiments of the invention include a computer system, .. the memory system is encoded with a method for rate limiting and filtering HTTP(S) server connections that when performed on the processor, produces a process that causes the computer system to perform any and/or all of the method embodiments, steps and operations explained herein as embodiments of the invention.


As per claim 11, the claim is directed to a system with limitations which correspond to limitations of claim 4, and is rejected for the reasons detailed with respect to claim 4.
As per claim 14, the claim is directed to a system with limitations which correspond to limitations of claim 7, and is rejected for the reasons detailed with respect to claim 7.

As per claim 15, the claim is directed to a non-transitory computer-readable medium with limitations which correspond to limitations of claim 1, and is rejected for the reasons detailed with respect to claim 1. Claim 15 also recites, and Agasaveeran discloses, A non-transitory computer readable medium storing program instructions for causing one or more processors to:
14:48-66 (53) Other arrangements of embodiments of the invention that are disclosed herein include software programs to perform the method embodiment steps and operations summarized above …, a computer program product is disclosed which has a computer-readable medium including computer program logic encoded thereon that, when executed on at least one processor with a computerized device, causes the processor to perform the operations (e.g., the methods) indicated herein is considered an embodiment of the invention. Such embodiments of the invention are typically embodied as software, logic instructions, code and/or other data (e.g., data structures) arranged or encoded on a computer readable medium such as an optical medium (e.g., CD-ROM), floppy or hard disk 

As per claim 16, the claim is directed to a non-transitory computer-readable medium with limitations which correspond to limitations of claim 4, and is rejected for the reasons detailed with respect to claim 4.
As per claim 18, the claim is directed to a non-transitory computer-readable medium with limitations which correspond to limitations of claim 7, and is rejected for the reasons detailed with respect to claim 7.

Claims 2 and 9 are rejected under 35 U.S.C. 103 as being unpatentable over Agasaveeran in view of Berger, further in view of Koushik et al. U.S. Publication 20160134616 (hereinafter “Koushik”).
As per claim 2, the rejection of claim 1 is incorporated herein. 
	However, the combination of Agasaveeran and Berger does not expressly disclose 
wherein the plurality of computing devices is intermediary to the requestor of the application and the application.  
Koushik discloses multiple computers serving as intermediaries between a client computing device and computing systems that service requests
 (See Koushik figure 4, where the data center computers 410 are situated in the network 404 as intermediaries between the client computing device 406 and other network entities 420.)
 [0065] In some embodiments, data center computers 410 and storage servers 407 may be considered to be logically grouped, regardless of whether the components, or portions of the components, are physically separate. For example, a service provider computer network 405 may maintain separate locations for providing the virtual desktop instances 414 and the storage components. Additionally, although the data center computers 410 are illustrated in FIG. 4 as logically associated with a PES platform 402, the data center computers 410 may be geographically distributed in a manner to best serve various demographics of its users. Additionally, one skilled in the relevant art will appreciate that the service provider computer network 405 may be associated with various additional computing resources, such additional computing devices for administration of content and resources, and the like. For example, the service provider computer network 405 (and/or various ones of the virtual desktop instances 414 implemented thereon) may be configured to communicate with other network entities 420 over communication network 404 or over another communication network (e.g., at least some of the virtual desktop instances 414 may include a network interface usable to access one or more other network entities 420 that is separate and distinct from to a network interface that is usable to communicate with client computing device 406). These other network entities 420 may include, for example, other client networks or computing devices thereof, computing systems that provide resources for servicing requests received from client computing device 406, and/or networks or computing devices thereof that access other services, applications, or data over the Internet.


It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Agasaveeran and Berger with the technique of Koushik for including other computing devices as intermediaries between a requestor of an application and the application to include
wherein the plurality of computing devices is intermediary to the requestor of the application and the application.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to include multiple computers as intermediaries to facilitate communications between clients and servers, and to provide additional services to the client computing device. The system of the primary reference can be modified so that the multiple requestors are intermediaries to each other.
As per claim 9, the claim is directed to a system with limitations which correspond to limitations of claim 2, and is rejected for the reasons detailed with respect to claim 2.

Claims 3, 10, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Agasaveeran in view of Berger, further in view of Corella et al. U.S. Publication 20140006781 (hereinafter “Corella”).
As per claim 3, the rejection of claim 1 is incorporated herein. 
	However, the combination of Agasaveeran and Berger does not expressly disclose 
wherein the connection is a transport layer security (TLS) connection.  
Corella discloses wherein the connection is a transport layer security (TLS) connection.  
(transport layer security (TLS) is interpreted as Transport Layer Security Protocol in view of the knowledge of one of ordinary skill in the art.)
[0056] At 410 the prover black-box authenticates cryptographically to the verifier black-box. To that purpose it establishes a TLS connection to a cryptographic authentication endpoint of the verifier black-box. (The acronym TLS refers to the Transport Layer Security protocol of the Internet Engineering Task Force, which is a successor to the Secure Sockets Layer protocol.) During the TLS handshake, the verifier black-box authenticates to the prover black-box by sending a TLS server certificate and proving knowledge of the corresponding private key. After the TLS connection has been established, the verifier black-box sends a random high-entropy nonce to the prover black-box over the TLS connection. 

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Agasaveeran and Berger with the technique for establishing a TLS connection using the transport layer security protocol of Corella to include 
wherein the connection is a transport layer security (TLS) connection.  
One of ordinary skill in the art would have made this modification to improve the security of the connection, since the transport layer security protocol secures the connection so that the data being transmitted between the parties is private and malicious 3rd parties cannot access the data being transmitted between the parties. The system of the primary reference can be modified so that the connection is established according to the transport layer security protocol.
As per claim 10, the claim is directed to a system with limitations which correspond to limitations of claim 3, and is rejected for the reasons detailed with respect to claim 3.
As per claim 19, the claim is directed to a non-transitory computer-readable medium with limitations which correspond to limitations of claim 3, and is rejected for the reasons detailed with respect to claim 3.

Claims 5, 12, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Agasaveeran in view of Berger, further in view of Morello et al. Know Your Firewall: Layer 3 vs. Layer 7, https://securityboulevard.com/2018/10/know-your-firewall-layer-3-vs-layer-7/, October 3, 2018 (hereinafter “Morello”).
As per claim 5, the rejection of claim 1 is incorporated herein. 
Agasaveeran discloses rejecting the handshake request [drop the connection request 4:27-29]
Agasaveeran 4:27-29 If the throttle filter blocks the transport layer component of the connection request, the computerized device drops the connection request.

	However, the combination of Agasaveeran and Berger does not expressly disclose 
one of rejecting or dropping the handshake request responsive to determining to reject the application request.  
Morello discloses blocking traffic based on rejecting the application connection request
Morello page 3, paragraph 3 to paragraph 5 Layer 7 Firewalls (Application Firewalls)
The other common approach to firewall configuration involves layer 7, which is also known as the application layer.

Layer 7 lets you sort traffic according to which application or application service the traffic is trying to reach, and what the specific contents of that traffic are. Rather than simply blocking all traffic on a certain port, you could use an application firewall to accept traffic on that port in general, but block any traffic that contains a known vulnerability (such as a SQL injection attack or a malicious telnet command).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Agasaveeran and Berger with the technique of Morello for blocking traffic based on rejecting the application connection request to include
one of rejecting or dropping the handshake request responsive to determining to reject the application request.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to more efficiently block traffic based on the underlying application. The system of the primary reference can be modified to block traffic based on rejecting application requests. This allows the system to selectively block traffic based on the requested application, rather than simply blocking any originating IP address or requested port. Since the handshake request is part of the traffic, blocking any traffic as taught in Morello will also block the handshake request.
As per claim 12, the claim is directed to a system with limitations which correspond to limitations of claim 5, and is rejected for the reasons detailed with respect to claim 5.
As per claim 17, the claim is directed to a non-transitory computer-readable medium with limitations which correspond to limitations of claim 5, and is rejected for the reasons detailed with respect to claim 5.

Claims 6, 13, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Agasaveeran in view of Berger, further in view of Vig et al. U.S. Publication 20170154091 (hereinafter “Vig”).
As per claim 6, the rejection of claim 1 is incorporated herein. 
Agasaveeran in view of Berger discloses storing each of the connection requests that include the application layer components
Agasaveeran 5:15-53 (21) The connection database stores information about connection requests and application layer component outcomes. The system proceeds with an application layer connection if the throttle filter allows the transport layer component. The controller adds data about the application layer connection to the connection database ….the server connection is an HTTP server connection where the application layer connection component is an HTTP connection component and the transport layer connection component is a TCP connection component. 

Agasaveeran 11:12-13 blocking requests from illegitimate requestors

Agasaveeran 5:1-8 the list of connection request characteristics is a list of connection requestor IP addresses to be blocked as indicated by data from the connection database. In another arrangement, the list of connection request characteristics is a list of connection requestor port numbers in addition to IP addresses to be blocked as indicated by data from the connection database.

Agasaveeran 6:42-46 embedded system provides a connection database to store information about connection requests and associated HTTP connection outcomes.

	However, the combination of Agasaveeran and Berger does not expressly disclose 
wherein the plurality of computing devices record to the registry at least each respective application request of the handshake requests.  
Vig discloses that multiple clients may request a database to store information
[0027] The DDS 105 in the depicted embodiment may comprise several layers of resources. A front-end layer 142, comprising one or more request router (RR) nodes 140 (such as RRs 140A, 140B, and 140C) may serve as the service endpoints to which clients 170 submit work requests (e.g., read and write requests of various types) directed to database objects, and from which clients may receive responses to the work requests. 

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Agasaveeran and Berger with the technique for allowing multiple database clients to request storing data in the database of Vig to include 
wherein the plurality of computing devices record to the registry at least each respective application request of the handshake requests.  
One of ordinary skill in the art would have made this modification to improve the ability of the system to log the connection requests that include the application layer connection requests, in order to facilitate detecting repeated requests. The system of the primary reference can be modified so that the client devices request the database to record the connection requests.
As per claim 13, the claim(s) is/are directed to a system with limitations which correspond to limitations of claim 6, and is/are rejected for the reasons detailed with respect to claim 6.  
As per claim 20, the claim(s) is/are directed to a non-transitory computer-readable with limitations which correspond to limitations of claim 6, and is/are rejected for the reasons detailed with respect to claim 6.  




Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HOWARD H LOUIE whose telephone number is 571-272-0036.  The examiner can normally be reached on Monday-Friday 9 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung W. Kim can be reached on 571-272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/HOWARD H. LOUIE/Examiner, Art Unit 2494
/JUNG W KIM/Supervisory Patent Examiner, Art Unit 2494

1 Emphasis is additional throughout.