SYSTEMS AND METHODS FOR SUPPRESSING DENIAL OF SERVICE ATTACKS

DETAILED ACTION This application has been examined. Claims 1-3,5-20 are pending. Claim 4 is cancelled. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 4/9/2026 has been entered. Response to Arguments Applicant's arguments filed 4/9/2026 have been fully considered but they are moot in view of the new grounds for rejection. While Nishijima-Clemm-Peri substantially disclosed the claimed invention Nishijima-Clemm-Peri does not disclose (re. Claim 1) wherein the computing resource usage includes at least one of central processing unit (CPU) usage percentage or CPU load. Naga Paragraph 39 disclosed wherein controller 127 may monitor for detection of a CPU utilization condition on a network element 122 by monitoring the CPU load on the network element 122. The CPU utilization condition for a network element 122 may be defined in any suitable manner e.g. CPU load greater than or equal to 70% of CPU capacity of the network element 122. Naga disclosed (re. Claim 1) wherein the computing resource usage includes at least one of central processing unit (CPU) usage percentage or CPU load.( Naga -Paragraph 39, controller 127 may monitor for detection of a CPU utilization condition on a network element 122 by monitoring the CPU load on the network element 122. The CPU utilization condition for a network element 122 may be defined in any suitable manner e.g. CPU load greater than or equal to 70% of CPU capacity of the network element 122.) Nishijima,Clemm and Naga are analogous art because they present concepts and practices regarding traffic suppression. Before the time of the effective filing date of the claimed invention it would have been obvious to combine Naga into Nishijima-Clemm. The motivation for the said combination would have been implement controller can impose a limit on the number of flows that can be initiated from a MAC address or IP address and set a rule to drop any new data flows at the network element if such limit is violated and to protect against resource exhaustion attacks.(Naga -Paragraph 35) Priority This application claims benefits of priority from Provisional Application 63/294370 filed December 28,2021. The effective date of the claims described in this application is December 28,2021. Information Disclosure Statement The Applicant is respectfully reminded that each individual associated with the filing and prosecution of a patent application has a duty of candor and good faith in dealing with the Office, which includes a duty to disclose to the Office all information known to that individual to be material to patentability as defined in 37 CFR 1.56. There were no information disclosure statements filed with this application. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-3,5-14,16-17,19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nishijima (US PGPUB 20210067490) further in view of Clemm (USPGPUB 20190007326) further in view of Peri (USPGPUB 20230300075) further in view of Naga (USPGPUB 2014/0089506) Regarding Claim 1 Nishijima Paragraph 44 disclosed wherein attack source devices 7a and 7d such as servers that attack the attack target server 4 are connected to the external networks NWa and NWd, as an example. The attack target server 4 is an example of an attack target device that receives an attack. Nishijima Paragraph 60 disclosed wherein the NW management server 1 can suppress an increase in a load of forward processing of other traffic due to the defense settings. Nishijima Paragraph 101 wherein the edge router 5 prevents the traffic from being unable to reach the attack target server 4 due to the route settings. Nishijima disclosed (re. Claim 1) a method for suppressing network traffic, the method comprising: detecting an abnormal traffic condition at a target device in a network; (Nishijima-Paragraph 47, When detecting the attack traffic, the detection device 3 transmits, to a network management server, information (hereinafter referred to as “attack information”) of an address and a port indicating a destination and a transmission source of the attack traffic, and a protocol type of the attack traffic) determining a source address of high traffic associated with the abnormal traffic condition at the target device; (Nishijima-Paragraph 47, When detecting the attack traffic, the detection device 3 transmits, to a network management server, information (hereinafter referred to as “attack information”) of an address and a port indicating a destination and a transmission source of the attack traffic, and a protocol type of the attack traffic, Paragraph 48, the processing content “block” means discarding the attack traffic having matched transmission source address and destination address.) generating a traffic suppression request comprising a source-destination tuple comprising a source identifier corresponding to the source address and a destination identifier corresponding to an address of the target device; (Nishijima-Paragraph 47, When receiving the attack detection notification from the detection device 3, the NW management server 1x performs, for the firewall 2, defense settings against the attack traffic on the basis of the attack information, Paragraph 49, an inflow of the attack traffic to the attack target server 4 is suppressed, and a load on the attack target server 4 is reduced, Paragraph 48, the processing content “block” means discarding the attack traffic having matched transmission source address and destination address) sending the traffic suppression request to a router; (Nishijima-Paragraph 56, When receiving the detection notification of the attack traffic from the detection device 3, the NW management server 1y performs defense settings against the attack traffic for each of the edge routers 5.) configuring the router with a filter based on the source-destination tuple of the traffic suppression request; (Nishijima-Paragraph 56, When receiving the detection notification of the attack traffic from the detection device 3, the NW management server 1y performs defense settings against the attack traffic for each of the edge routers 5.) and filtering traffic between the source address and the target device based on the configured filter.(Nishijima-Paragraph 52, edge router 5 and the intermediate router 6 can discard the attack traffic by registering address information of the attack traffic in an ACL on the basis of the attack information, Paragraph 48, the processing content “block” means discarding the attack traffic having matched transmission source address and destination address) While Nishijima substantially disclosed the claimed invention Nishijima does not disclose (re. Claim 1) detecting, by a target device, an abnormal traffic condition at a target device in a network. While Nishijima substantially disclosed the claimed invention Nishijima does not disclose (re. Claim 1) detecting an overload condition at a target device in a network. Clemm Paragraph 104 disclosed using category flow records to detect excess network usage. Clemm Paragraph 22 disclosed determining, based on the source category and the destination category, a maximum transmission rate for the source endpoint to the destination endpoint; determining an attempted transmission rate by the source endpoint to the destination endpoint; and determining that the attempted transmission rate exceeds the maximum transmission rate. Clemm disclosed (re. Claim 1) detecting an overload condition at a target device in a network.( Clemm-Paragraph 22,determining an attempted transmission rate by the source endpoint to the destination endpoint; and determining that the attempted transmission rate exceeds the maximum transmission rate.) Nishijima and Clemm are analogous art because they present concepts and practices regarding traffic suppression. Before the time of the effective filing date of the claimed invention it would have been obvious to combine Clemm into Nishijima. The motivation for the said combination would have been implement a policy module 470 may access a policy (e.g., a row in the policy table 550) that indicates, based on the source category and the destination category, that the source endpoint is not permitted to communicate with the destination endpoint. Nishijima Paragraph 89 disclosed wherein the attack detection unit 101 may directly detect the attack traffic from the traffic transmitted from the network 9 to the attack target server 4 by including a function similar to the detection device 3. The Examiner notes wherein Nishijima disclosed wherein the functionality of the attack detection device is transferrable to other devices in the network. While Nishijima-Clemm substantially disclosed the claimed invention Nishijima-Clemm does not disclose (re. Claim 1) detecting, by a target device, an abnormal traffic condition at a target device in a network. Peri Paragraph 108-109 disclosed wherein IPU 600 can provide security features including: passive or active enforcement of security policies and services such as access control lists, rate limiting, intrusion detection, distributed denial of service attacks. Peri Paragraph 188 disclosed wherein the NIC circuitry 104A-B analyzes the sub window for evidence of an attack or an unexpected pattern of packet losses. Peri disclosed (re. Claim 1) detecting, by a target device, an abnormal traffic condition at a target device in a network.(Peri- Paragraph 188,the NIC circuitry 104A-B analyzes the sub window for evidence of an attack or an unexpected pattern of packet losses.) Nishijima,Clemm and Peri are analogous art because they present concepts and practices regarding traffic suppression. Before the time of the effective filing date of the claimed invention it would have been obvious to combine Peri into Nishijima-Clemm. The motivation for the said combination would have been implement a NIC 140A-B that can divide, partition, and/or otherwise split a data flow into multiple sub flows so that the NIC circuitry 104A-B can schedule and distribute the multiple sub flows atomically and further implement a determination circuitry 220 can allow for more than one sub flow to be affined to a given core to prevent throttling of multi-flow performance with enqueue time packet distributors or quanta-based packet distributors. (Peri-Paragraph 43,Paragraph 69,Paragraph 99, Paragraph 128) Nishijima-Clemm-Peri-Naga disclosed (re. Claim 1) wherein a network monitoring device of the network is configured to monitor computing resource usage at the target device (Nishijima-Paragraph 47, When detecting the attack traffic, the detection device 3 transmits, to a network management server, information (hereinafter referred to as “attack information”) of an address and a port indicating a destination and a transmission source of the attack traffic, and a protocol type of the attack traffic) and is configured to detect the overload condition at the target device ( Clemm-Paragraph 22,determining an attempted transmission rate by the source endpoint to the destination endpoint; and determining that the attempted transmission rate exceeds the maximum transmission rate.) based on the monitored computing resource usage and to generate the traffic suppression request based on detecting the overload condition (Nishijima-Paragraph 56, When receiving the detection notification of the attack traffic from the detection device 3, the NW management server 1y performs defense settings against the attack traffic for each of the edge routers 5.) While Nishijima-Clemm-Peri substantially disclosed the claimed invention Nishijima-Clemm-Peri does not disclose (re. Claim 1) wherein the computing resource usage includes at least one of central processing unit (CPU) usage percentage or CPU load. Naga Paragraph 39 disclosed wherein controller 127 may monitor for detection of a CPU utilization condition on a network element 122 by monitoring the CPU load on the network element 122. The CPU utilization condition for a network element 122 may be defined in any suitable manner e.g. CPU load greater than or equal to 70% of CPU capacity of the network element 122. Naga disclosed (re. Claim 1) wherein the computing resource usage includes at least one of central processing unit (CPU) usage percentage or CPU load.( Naga -Paragraph 39, controller 127 may monitor for detection of a CPU utilization condition on a network element 122 by monitoring the CPU load on the network element 122. The CPU utilization condition for a network element 122 may be defined in any suitable manner e.g. CPU load greater than or equal to 70% of CPU capacity of the network element 122.) Nishijima,Clemm and Naga are analogous art because they present concepts and practices regarding traffic suppression. Before the time of the effective filing date of the claimed invention it would have been obvious to combine Naga into Nishijima-Clemm. The motivation for the said combination would have been implement controller can impose a limit on the number of flows that can be initiated from a MAC address or IP address and set a rule to drop any new data flows at the network element if such limit is violated and to protect against resource exhaustion attacks.(Naga -Paragraph 35) Regarding Claim 16 Claim 16 (re. traffic suppression request routing system) recites substantially similar limitations as Claim 1. Claim 16 is rejected on the same basis as Claim 1. Regarding Claim 19 Claim 19 (re. device) recites substantially similar limitations as Claim 1. Claim 19 is rejected on the same basis as Claim 1. Furthermore Nishijima-Clemm-Peri-Naga disclosed (re. Claim 19) least one NIC processor; (Peri- Paragraph 188,the NIC circuitry 104A-B analyzes the sub window for evidence of an attack or an unexpected pattern of packet losses.) Furthermore Nishijima-Clemm-Peri-Naga disclosed (re. Claim 19) detecting an overload condition at the at least one main processor; (Nishijima-Paragraph 82,Figure 5, NW management server 1 includes a central processing unit (CPU) 10) Regarding Claim 2 Nishijima-Clemm-Peri-Naga disclosed (re. Claim 2) wherein the target device (Peri- Paragraph 188,the NIC circuitry 104A-B analyzes the sub window for evidence of an attack or an unexpected pattern of packet losses.) is configured to generate the traffic suppression request. (Nishijima-Paragraph 56, When receiving the detection notification of the attack traffic from the detection device 3, the NW management server 1y performs defense settings against the attack traffic for each of the edge routers 5.) Regarding Claim 3 Nishijima-Clemm-Peri-Naga disclosed (re. Claim 3) wherein a smart network interface card (Peri- Paragraph 188,the NIC circuitry 104A-B analyzes the sub window for evidence of an attack or an unexpected pattern of packet losses.) of the target device is configured to generate the traffic suppression request. (Nishijima-Paragraph 56, When receiving the detection notification of the attack traffic from the detection device 3, the NW management server 1y performs defense settings against the attack traffic for each of the edge routers 5.) Regarding Claim 5 Nishijima-Clemm-Peri-Naga disclosed (re. Claim 5) wherein a software agent running on a device in the network (Peri-Paragraph 119, Global Hierarchical Software-defined Control Plane management operations can be offloaded to the IPU 600) is configured to generate the traffic suppression request, and wherein the software agent is configured to receive network traffic information regarding network traffic flow within the network. (Nishijima-Paragraph 56, When receiving the detection notification of the attack traffic from the detection device 3, the NW management server 1y performs defense settings against the attack traffic for each of the edge routers 5.) Regarding Claim 6 Nishijima-Clemm-Peri-Naga disclosed (re. Claim 6) wherein the software agent selects the router based on a path of the high traffic through the network.(Nishijima-Paragraph 95, the NW information is a load (%) of the traffic forward processing of each edge router 5 and each intermediate router 6, and is used by the router selection unit 104 to select the defense router the merging router.) Regarding Claim 7 Nishijima-Clemm-Peri-Naga disclosed (re. Claim 7) wherein the software agent selects the router at an ingress point of the high traffic into the network. (Nishijima-Paragraph 95, the NW information is a load (%) of the traffic forward processing of each edge router 5 and each intermediate router 6, and is used by the router selection unit 104 to select the defense router the merging router.) Regarding Claim 8 Nishijima-Clemm-Peri-Naga disclosed (re. Claim 8) wherein the software agent selects the router at an ingress point from the source address (Nishijima-Paragraph 54, the NW management server 1x performs attack traffic restriction settings for all the edge routers 5) into a peering network connected to the network.(Nishijima-Paragraph 44, edge routers (#1) 5 to (#4) 5 are connected to the external networks NWa to NWd) Regarding Claim 9 Nishijima-Clemm-Peri-Naga disclosed (re. Claim 9) wherein the software agent selects all routers in the network on a path taken by the high traffic from the source address to the target device.(Nishijima-Paragraph 54, the NW management server 1x performs attack traffic restriction settings for all the edge routers 5) Regarding Claim 10 Nishijima-Clemm-Peri-Naga disclosed (re. Claim 10) wherein the software agent runs on a software defined networking router of the network. (Peri-Paragraph 119, Global Hierarchical Software-defined Control Plane management operations can be offloaded to the IPU 600) Regarding Claim 11 Nishijima Paragraph 89 disclosed wherein the attack detection unit 101 may directly detect the attack traffic from the traffic transmitted from the network 9 to the attack target server 4 by including a function similar to the detection device 3. The Examiner notes wherein Nishijima disclosed wherein the functionality of the attack detection device is transferrable to other devices in the network. Nishijima-Clemm-Peri-Naga disclosed (re. Claim 11) wherein the software agent runs in a hypervisor, a container manager, or a host operating system of the target device. (Peri-Paragraph 119, Global Hierarchical Software-defined Control Plane management operations can be offloaded to the IPU 600,Paragraph 199, interface circuitry 1420 of the illustrated example also includes a communication device such as a transmitter, a receiver, a transceiver, a modem, a residential gateway, a wireless access point, and/or a network interface to facilitate exchange of data with external machines) Regarding Claim 12 Nishijima-Clemm-Peri-Naga disclosed (re. Claim 12) wherein the software agent participates in a route reflector network of the network and wherein the network traffic information includes route information from the route reflector network.(Peri-Paragraph 176, the NIC circuitry 104A-B determines a packet flow distribution configuration ) Regarding Claim 13 Nishijima-Clemm-Peri-Naga disclosed (re. Claim 13) wherein the router is a gateway connected to the target device. (Nishijima-Paragraph 54, the NW management server 1x performs attack traffic restriction settings for all the edge routers 5, Paragraph 196, interface circuitry 1420 of the illustrated example also includes a communication device such as a transmitter, a receiver, a transceiver, a modem, a residential gateway, a wireless access point, and/or a network interface to facilitate exchange of data with external machines) Regarding Claim 14 Nishijima-Clemm-Peri-Naga disclosed (re. Claim 14) wherein the traffic suppression request is broadcast to all routers in the network. (Nishijima-Paragraph 54, the NW management server 1x performs attack traffic restriction settings for all the edge routers 5) Regarding Claim 17 Nishijima-Clemm-Peri-Naga disclosed (re. Claim 17) wherein identifying one or more routers along one or more paths within the network comprises identifying an ingress router of the network for the traffic, (Nishijima-Paragraph 54, the NW management server 1x performs attack traffic restriction settings for all the edge routers 5) and wherein sending the traffic suppression request comprises sending the traffic suppression request to the ingress router. (Nishijima-Paragraph 54, the NW management server 1x performs attack traffic restriction settings for all the edge routers 5) Claim(s) 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nishijima (US PGPUB 20210067490) further in view of Clemm (USPGPUB 20190007326) further in view of Peri (USPGPUB 20230300075) further in view of Naga (USPGPUB 2014/0089506) further in view of Chychi (US Patent 11968226) Regarding Claim 15 While Nishijima-Clemm-Peri-Naga substantially disclosed the claimed invention Nishijima-Clemm-Peri-Naga does not disclose (re. Claim 15) wherein the traffic suppression request further comprises an expiration time, and wherein the router is configured to automatically remove the filter when the expiration time has elapsed. Chychi Column 5 Lines 40-50 disclosed where a black hole can refer to, for example, a change in network routing at a location such that the identified traffic is routed to nowhere, or an invalid address, such that the traffic is effectively discarded or otherwise not routed to its intended destination. Chychi disclosed (re. Claim 15) wherein the traffic suppression request further comprises an expiration time, and wherein the router is configured to automatically remove the filter when the expiration time has elapsed.(Chychi-Column 13 Lines 1-10, the black holes might have an expiration time or period, and upon expiration a decision might be made to reinstate the black hole or create a different black hole if the attack is still ongoing) Nishijima,Clemm and Chychi are analogous art because they present concepts and practices regarding traffic suppression. Before the time of the effective filing date of the claimed invention it would have been obvious to combine Chychi into Nishijima-Clemm. The motivation for the said combination would have been enable the network manager 304 to adjust to a different network along the path if the targeted network does not acknowledge or otherwise is unable or unwilling to perform the requested or desired mediation. (Chychi-Column 9 Lines 5-10) Claim(s) 18,20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nishijima (US PGPUB 20210067490) further in view of Clemm (USPGPUB 20190007326) further in view of Peri (USPGPUB 20230300075) further in view of Naga (USPGPUB 2014/0089506) further in view of Guo (USPGPUB 20210306373) Regarding Claim 18 Nishijima-Clemm-Peri-Naga disclosed (re. Claim 18) wherein the ingress router is identified as a gateway into the network from the second network. (Nishijima-Paragraph 54, the NW management server 1x performs attack traffic restriction settings for all the edge routers 5, Paragraph 196, interface circuitry 1420 includes a residential gateway, a wireless access point, and/or a network interface to facilitate exchange of data with external machines) While Nishijima-Clemm-Peri-Naga substantially disclosed the claimed invention Nishijima-Clemm-Peri-Naga does not disclose (re. Claim 18) wherein the source identifier identifies a range of source addresses associated with a second network. Guo figure 7,Paragraph 31,Paragraph 34 disclosed performing a longest prefix match on the domain name and the path string. Guo disclosed (re. Claim 18) wherein the source identifier identifies a range of source addresses associated with a second network.(Guo-Paragraph 34, longest prefix match can be performed by a pattern matching hardware module of the hardware acceleration sub-system. The pattern matching hardware module can be used to perform intrusion detection processing on network traffic received by network security device 104.) Nishijima,Clemm and Guo are analogous art because they present concepts and practices regarding traffic suppression. Before the time of the effective filing date of the claimed invention it would have been obvious to combine Guo into Nishijima-Clemm. The motivation for the said combination would have been enable a variety of different rate counters to be created by an administrator of a network security device (e.g., network security device 104) as appropriate for detecting and mitigating DoS attacks directed at the particular domains hosted by one or more servers protected by the network security device.(Guo-Paragraph 63) Regarding Claim 20 While Nishijima-Clemm-Peri-Naga substantially disclosed the claimed invention Nishijima-Clemm-Peri-Naga does not disclose (re. Claim 20) wherein the smart NIC is operable to perform the method while the at least one main processor is in the overload condition. Guo Paragraph 41 disclosed wherein the processing resource that initially receives network traffic on behalf of the network security device 104 may be an embedded processor within the NIC and wherein said detecting and mitigating a DOS attack can be performed on behalf of a host within the data center without using a central processing unit (CPU) of the network security device. Gou disclosed (re. Claim 20) wherein the smart NIC is operable to perform the method while the at least one main processor is in the overload condition.( Guo-Paragraph 41,the processing resource that initially receives network traffic on behalf of the network security device 104 may be an embedded processor within the NIC and wherein said detecting and mitigating a DOS attack can be performed on behalf of a host within the data center without using a central processing unit (CPU) of the network security device.) Nishijima,Clemm and Guo are analogous art because they present concepts and practices regarding traffic suppression. Before the time of the effective filing date of the claimed invention it would have been obvious to combine Guo into Nishijima-Clemm. The motivation for the said combination would have been enable a variety of different rate counters to be created by an administrator of a network security device (e.g., network security device 104) as appropriate for detecting and mitigating DoS attacks directed at the particular domains hosted by one or more servers protected by the network security device.(Guo-Paragraph 63) Conclusion Examiner’s Note: In the case of amending the claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention. Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREG C BENGZON whose telephone number is (571)272-3944. The examiner can normally be reached on Monday - Friday 8 AM - 4:30 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Follansbee can be reached on (571) 272-3964. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /GREG C BENGZON/ Primary Examiner, Art Unit 2444