DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This communication is in response to the arguments/amendments filed on 11/12/2025. Claims 1-20 are currently pending in the application.
Response to Arguments
Applicant’s arguments filed on 11/12/2025 with respect to claims 1, 9, and 17 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over US PGPub. No. 20220224629 to Mada et al (hereinafter Mada) and further in view of US Pat. No. 10015081 to Heitz; Jakob (hereinafter Heitz) and further in view of PGPub. No. 20230031496 to Capelle et al. (hereinafter Capelle) and further in view of US PGPub. No. 20130152187 to Strebe et al. (hereinafter Strebe).
Regarding claim 1, Mada discloses a method comprising:
Determining (FIG. 3, wherein autonomous system (AS) 200 sends advertisements 22 to AS300), by a victim autonomous system (AS) (¶0026, FIGs. 3, 4, and.5, AS 200, wherein AS 200 is a victim autonomous system because it is included in the BGP route as a destination), that a first AS (¶0026, FIG.5, AS 300) is associated with a first BGP route that includes the victim AS as a destination or as an AS along the first Border Gateway Protocol (BGP) route to the destination (¶0026, FIG.5, wherein AS 300 is associated with BGP route to AS 200); and
sending a message to a second AS (¶0026, FIG.5, AS 400, “the router 12D in the
autonomous system AS400 is configured to send the traffic destined to the prefix P2 via an NH to the router 12C”) to suppress utilization of the first BGP route in propagating data to the victim AS (¶0027-¶0028, “… Upon receiving the message, the peers look for the alternative next-hop in a BGP routing database and install the new route in the data plane in order to redirect the traffic. This approach makes use of the longest-prefix matching forwarding lookup idea and installs the longer prefix in the data plane in order to redirect traffic to a more specific route”, wherein redirecting the traffic is interpreted as not utilizing (suppress) the first BGP to transmit data through AS 300 (the first AS) to the victim autonomous system, (AS200)), the message including:
a set of one or more AS numbers to avoid in using to propagate data to the victim AS (¶0034, FIG.8, “…after detecting the fault 24, the router 12C sends a BGP update with
an “Aggregation-Exception” NLRI therein, namely 160.30.0.0/16, NH:”, wherein the update contains the AS numbers to avoid in propagating data),
wherein the set of one or more AS numbers include the first AS (¶0034, “Not Router 12C…”, wherein not Router 12C means AS 300 (first AS) associated with router 12C is included in the autonomous system to refrain from being used to propagate data because it is not included in the new route “Aggregation-Exception” NLRI); See also paragraph 31 where the alternate route does not include the failed one.
However, Mada does not explicitly disclose the following limitation:
and sending a message to a second AS to suppress utilization of the first BGP route in propagating data to the victim AS, wherein the suppression occurs without removing the first BGP route from a routing table of the second AS while still using the routing table to route traffic, and wherein
the message including a timestamp to identify when the message was sent; and
an expiration interval that specifies how long to suppress utilization of the first BGP route to prevent an attack on the first BGP route.
Heitz discloses sending a message to a second AS to suppress utilization of the first BGP route in propagating data to the victim AS, wherein the suppression occurs without removing the first BGP route from a routing table of the second AS while still using the routing table to route traffic (Coln. 5, lines 42-61, “The method describes a method for invoking a new route at a BGP router in order to avoid a hijacked route. At step 610, notice is received at the BGP router of a route comprising a hijacked prefix having a first netmask length. The term “notice” as used in the present disclosure and claims, in all of its various grammatical forms, refers to messages sent over a network by networking devices indicating network information and other associated information, such as, but not limited to, routing updates. Such notices and messages are often sent at regular intervals, or after a change in network topology…”), (Coln. 5, lines 27-41, “Additionally, the poisoned route is put into a new, separate routing table, stored as a poisoned route table, so that if a better alternative route becomes available (i.e. a route with a longer netmask), the BGP router of first AS 110 may switch to the better alternative route and while still avoiding the poisoned route. It is appreciated that switching to the better alternative is not urgent, so that the BGP router may episodically walk the poisoned route table and determine if the better alternative route is presently available. It is also appreciated that if for some reason the poisoned route is no longer poisoned (for instance the rouge BGP router which was been hijacked is no longer hijacked), it may be desirable to restore the original route which is now no longer poisoned.”).
Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of applicant’s claimed invention to modify the method of Mada to include suppressing utilization of a BGP route without removing it from the routing table as disclosed by Heitz and be motivated in doing so such that if for some reason the poisoned route is no longer poisoned (for instance the rouge BGP router which was been hijacked is no longer hijacked), it may be desirable to restore the original route which is now no longer poisoned-Heitz (Coln. 5, lines 27-41, in parts.
Mada in view of Heitz does not explicitly disclose the following limitation:
the message including a timestamp to identify when the message was sent; and
an expiration interval that specifies how long to suppress utilization of the first BGP route to prevent an attack on the first BGP route.
Capelle discloses a timestamp to identify when the message was sent (¶0067, FIG. 3a, “…another router node of the system (1) (RTR1, 10a) can be configured to generate (40) transmission timestamp data for data routing information, and to insert (41) the transmission timestamp data in a field of a message of the BGP routing protocol, the field being intended to receive data relating to data routing”).
Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of applicant’s invention to modify the method of Mada and Heitz to include sending a message that includes a timestamp to identify when the message was sent as disclosed by Capelle and be motivated in doing so in order to improve integrity and security of the data as timestamp creates a clear and verifiable audit trail, recording precisely when actions occur on data.
The combination of Mada, Heitz, and Capelle does not explicitly disclose the following limitation:
an expiration interval that specifies how long to suppress utilization of the first BGP route to prevent an attack on the first BGP route.
Strebe discloses an expiration interval that specifies how long to suppress utilization of the first BGP route to prevent an attack on the first BGP route (¶0104, “To implement the filtering routes within an AS network, a NOTX coordinator may use existing routing protocols such as BGP, EIGRP, OSPF, and RIP to update the routing tables of any of the routers administered by the local Autonomous System network so that the traffic subject to the block request is routed to filtering firewalls rather than directly through the system…”), (¶0134-¶0135, “…The list may also include an expiration time-out for how long each indicated host should be blocked in some implementations. In some implementations, the timeout is limited to an upper value, to avoid perpetual blocks…Depending upon the type of attack detected by a NOTX Coordinator, the local NOTX coordinator may directly control which NOTX coordinators assist in blocking an attack…”)
Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of applicant’s invention to modify the method of Mada, Heitz, and Capelle to include an expiration interval that specifies how long to suppress utilization of the first BGP route to prevent an attack on the first BGP route as disclosed by Strebe and be motivated in doing so in order to avoid perpetual blocks of the route-Strebe ¶0134 in part.
Regarding claim 9, Mada discloses a non-transitory computer-readable medium comprising instructions, which when executed by one or more processors, cause the one or more processors (¶0055, “a non-transitory computer-readable…”) to:
determine (FIG. 3, wherein autonomous system (AS) 200 sends advertisements 22 to AS300), by a victim autonomous system (AS) (¶0026, FIG.5, AS 200, wherein AS
200 is a victim autonomous system because it is included in the BGP route as a destination), that a first AS (¶0026, FIG.5, AS 300) is associated with a first BGP route that includes the victim AS as a destination or as an AS along the first Border Gateway Protocol (BGP) route to the destination (¶0026, FIG.5, wherein AS 300 is associated with BGP route to AS 200); and
send a message to a second AS (¶0026, FIG.5, AS 400, “the router 12D in the
autonomous system AS400 is configured to send the traffic destined to the prefix P2 via an NH to the router 12C”) to suppress utilization of the first BGP route in propagating data to the victim AS (¶0027-¶0028, “… Upon receiving the message, the peers look for the alternative next-hop in a BGP routing database and install the new route in the data plane in order to redirect the traffic. This approach makes use of the longest-prefix matching forwarding lookup idea and installs the longer prefix in the data plane in order to redirect traffic to a more specific route”, wherein redirecting the traffic is interpreted as not utilizing (suppress) the first BGP to transmit data through AS 300 (the first AS) to the victim autonomous system, (AS200)), the message including:
a set of one or more AS numbers to avoid in refraining from using to propagate data to the victim AS (¶0034, FIG.8, “…after detecting the fault 24, the router 12C sends a BGP update with an “Aggregation-Exception” Network Layer Reachability Information (NLRI) therein, namely 160.30.0.0/16, NH:”, wherein the update contains the AS numbers to avoid in propagating data),
wherein the set of one or more AS numbers include the first AS (¶0034, “Not Router 12C…”, wherein not Router 12C means AS 300 (first AS) associated with router 12C is included in the autonomous system to refrain from being used to propagate data because it is not included in the new route “Aggregation-Exception” NLRI); See also paragraph 31 where the alternate route does not include the failed one.
However, Mada does not explicitly disclose the following limitation:
and sending a message to a second AS to suppress utilization of the first BGP route in propagating data to the victim AS, wherein the suppression occurs without removing the first BGP route from a routing table of the second AS while still using the routing table to route traffic, and wherein
the message including a timestamp to identify when the message was sent; and
an expiration interval that specifies how long to suppress utilization of the first BGP route to prevent an attack on the first BGP route.
Heitz discloses sending a message to a second AS to suppress utilization of the first BGP route in propagating data to the victim AS, wherein the suppression occurs without removing the first BGP route from a routing table of the second AS while still using the routing table to route traffic (Coln. 5, lines 42-61, “The method describes a method for invoking a new route at a BGP router in order to avoid a hijacked route. At step 610, notice is received at the BGP router of a route comprising a hijacked prefix having a first netmask length. The term “notice” as used in the present disclosure and claims, in all of its various grammatical forms, refers to messages sent over a network by networking devices indicating network information and other associated information, such as, but not limited to, routing updates. Such notices and messages are often sent at regular intervals, or after a change in network topology…”), (Coln. 5, lines 27-41, “Additionally, the poisoned route is put into a new, separate routing table, stored as a poisoned route table, so that if a better alternative route becomes available (i.e. a route with a longer netmask), the BGP router of first AS 110 may switch to the better alternative route and while still avoiding the poisoned route. It is appreciated that switching to the better alternative is not urgent, so that the BGP router may episodically walk the poisoned route table and determine if the better alternative route is presently available. It is also appreciated that if for some reason the poisoned route is no longer poisoned (for instance the rouge BGP router which was been hijacked is no longer hijacked), it may be desirable to restore the original route which is now no longer poisoned.”).
Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of applicant’s claimed invention to modify the method of Mada to include suppressing utilization of a BGP route without removing it from the routing table as disclosed by Heitz and be motivated in doing so such that if for some reason the poisoned route is no longer poisoned (for instance the rouge BGP router which was been hijacked is no longer hijacked), it may be desirable to restore the original route which is now no longer poisoned-Heitz (Coln. 5, lines 27-41, in parts.
Mada in view of Heitz does not explicitly disclose the following limitation:
the message including a timestamp to identify when the message was sent; and
an expiration interval that specifies how long to suppress utilization of the first BGP route to prevent an attack on the first BGP route.
Capelle discloses a timestamp to identify when the message was sent (¶0067, FIG. 3a, “…another router node of the system (1) (RTR1, 10a) can be configured to generate (40) transmission timestamp data for data routing information, and to insert (41) the transmission timestamp data in a field of a message of the BGP routing protocol, the field being intended to receive data relating to data routing”).
Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of applicant’s invention to modify the method of Mada and Heitz to include sending a message that includes a timestamp to identify when the message was sent as disclosed by Capelle and be motivated in doing so in order to improve integrity and security of the data as timestamp creates a clear and verifiable audit trail, recording precisely when actions occur on data.
The combination of Mada, Heitz, and Capelle does not explicitly disclose the following limitation:
an expiration interval that specifies how long to suppress utilization of the first BGP route to prevent an attack on the first BGP route.
Strebe discloses an expiration interval that specifies how long to suppress utilization of the first BGP route to prevent an attack on the first BGP route (¶0104, “To implement the filtering routes within an AS network, a NOTX coordinator may use existing routing protocols such as BGP, EIGRP, OSPF, and RIP to update the routing tables of any of the routers administered by the local Autonomous System network so that the traffic subject to the block request is routed to filtering firewalls rather than directly through the system…”), (¶0134-¶0135, “…The list may also include an expiration time-out for how long each indicated host should be blocked in some implementations. In some implementations, the timeout is limited to an upper value, to avoid perpetual blocks…Depending upon the type of attack detected by a NOTX Coordinator, the local NOTX coordinator may directly control which NOTX coordinators assist in blocking an attack…”)
Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of applicant’s invention to modify the method of Mada, Heitz, and Capelle to include an expiration interval that specifies how long to suppress utilization of the first BGP route to prevent an attack on the first BGP route as disclosed by Strebe and be motivated in doing so in order to avoid perpetual blocks of the route-Strebe ¶0134 in part.
Regarding claim 17, Mada discloses a system comprising:
one or more processors; and one or more memories storing computer-readable instructions, which when executed by the one or more processors, cause the one or more processors (¶0055, “…one or more processors, circuit…”) to:
determine (FIG. 3, wherein autonomous system (AS) 200 sends advertisements 22 to AS300), by a victim autonomous system (AS) (¶0026, FIG.5, AS 200, wherein AS
200 is a victim autonomous system because it is included in the BGP route as a destination), that a first AS (¶0026, FIG.5, AS 300) is associated with a first Border Gateway Protocol (BGP) route that includes the victim AS as a destination or as an AS along the first BGP route to the destination (¶0026, FIG.5, wherein AS 300 is associated with BGP route to AS 200); and
send a message to a second AS (¶0026, FIG.5, AS 400, “the router 12D in the
autonomous system AS400 is configured to send the traffic destined to the prefix P2 via an NH to the router 12C”) to suppress utilization of the first BGP route in propagating data to the victim AS (¶0027-¶0028, “… Upon receiving the message, the peers look for the alternative next-hop in a BGP routing database and install the new route in the data plane in order to redirect the traffic. This approach makes use of the longest-prefix matching forwarding lookup idea and installs the longer prefix in the data plane in order to redirect traffic to a more specific route”, wherein redirecting the traffic is interpreted as not utilizing (suppress) the first BGP to transmit data through AS 300 (the first AS) to the victim autonomous system, (AS200)), the message including:
a set of one or more AS numbers to avoid in refraining from using to propagate data to the victim AS (¶0034, FIG.8, “…after detecting the fault 24, the router 12C sends a BGP update with an “Aggregation-Exception” NLRI therein, namely 160.30.0.0/16, NH:”, wherein the update contains the AS numbers to avoid in propagating data),
wherein the set of one or more AS numbers include the first AS (¶0034, “Not Router 12C…”, wherein not Router 12C means AS 300 (first AS) associated with router 12C is included in the autonomous system to refrain from being used to propagate data because it is not included in the new route “Aggregation-Exception” NLRI); See also paragraph 31 where the alternate route does not include the failed one.
However, Mada does not explicitly disclose the following limitation:
and sending a message to a second AS to suppress utilization of the first BGP route in propagating data to the victim AS, wherein the suppression occurs without removing the first BGP route from a routing table of the second AS while still using the routing table to route traffic, and wherein
the message including a timestamp to identify when the message was sent; and
an expiration interval that specifies how long to suppress utilization of the first BGP route to prevent an attack on the first BGP route.
Heitz discloses sending a message to a second AS to suppress utilization of the first BGP route in propagating data to the victim AS, wherein the suppression occurs without removing the first BGP route from a routing table of the second AS while still using the routing table to route traffic (Coln. 5, lines 42-61, “The method describes a method for invoking a new route at a BGP router in order to avoid a hijacked route. At step 610, notice is received at the BGP router of a route comprising a hijacked prefix having a first netmask length. The term “notice” as used in the present disclosure and claims, in all of its various grammatical forms, refers to messages sent over a network by networking devices indicating network information and other associated information, such as, but not limited to, routing updates. Such notices and messages are often sent at regular intervals, or after a change in network topology…”), (Coln. 5, lines 27-41, “Additionally, the poisoned route is put into a new, separate routing table, stored as a poisoned route table, so that if a better alternative route becomes available (i.e. a route with a longer netmask), the BGP router of first AS 110 may switch to the better alternative route and while still avoiding the poisoned route. It is appreciated that switching to the better alternative is not urgent, so that the BGP router may episodically walk the poisoned route table and determine if the better alternative route is presently available. It is also appreciated that if for some reason the poisoned route is no longer poisoned (for instance the rouge BGP router which was been hijacked is no longer hijacked), it may be desirable to restore the original route which is now no longer poisoned.”).
Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of applicant’s claimed invention to modify the method of Mada to include suppressing utilization of a BGP route without removing it from the routing table as disclosed by Heitz and be motivated in doing so such that if for some reason the poisoned route is no longer poisoned (for instance the rouge BGP router which was been hijacked is no longer hijacked), it may be desirable to restore the original route which is now no longer poisoned-Heitz (Coln. 5, lines 27-41, in parts.
Mada in view of Heitz does not explicitly disclose the following limitation:
the message including a timestamp to identify when the message was sent; and
an expiration interval that specifies how long to suppress utilization of the first BGP route to prevent an attack on the first BGP route.
Capelle discloses a timestamp to identify when the message was sent (¶0067, FIG. 3a, “…another router node of the system (1) (RTR1, 10a) can be configured to generate (40) transmission timestamp data for data routing information, and to insert (41) the transmission timestamp data in a field of a message of the BGP routing protocol, the field being intended to receive data relating to data routing”).
Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of applicant’s invention to modify the method of Mada and Heitz to include sending a message that includes a timestamp to identify when the message was sent as disclosed by Capelle and be motivated in doing so in order to improve integrity and security of the data as timestamp creates a clear and verifiable audit trail, recording precisely when actions occur on data.
The combination of Mada, Heitz, and Capelle does not explicitly disclose the following limitation:
an expiration interval that specifies how long to suppress utilization of the first BGP route to prevent an attack on the first BGP route.
Strebe discloses an expiration interval that specifies how long to suppress utilization of the first BGP route to prevent an attack on the first BGP route (¶0104, “To implement the filtering routes within an AS network, a NOTX coordinator may use existing routing protocols such as BGP, EIGRP, OSPF, and RIP to update the routing tables of any of the routers administered by the local Autonomous System network so that the traffic subject to the block request is routed to filtering firewalls rather than directly through the system…”), (¶0134-¶0135, “…The list may also include an expiration time-out for how long each indicated host should be blocked in some implementations. In some implementations, the timeout is limited to an upper value, to avoid perpetual blocks…Depending upon the type of attack detected by a NOTX Coordinator, the local NOTX coordinator may directly control which NOTX coordinators assist in blocking an attack…”)
Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of applicant’s invention to modify the method of Mada, Heitz, and Capelle to include an expiration interval that specifies how long to suppress utilization of the first BGP route to prevent an attack on the first BGP route as disclosed by Strebe and be motivated in doing so in order to avoid perpetual blocks of the route-Strebe ¶0134 in part.
Regarding claim 2, Mada in view of Heitz and further in view of Capelle and further in view of Strebe discloses the method of claim 1.
Mada further discloses further comprising:
verifying, by the second AS (¶0026, FIG.5, AS 400), that the message originates from the
victim AS (¶0028, “Upon receiving the message, the peers look for the alternative next-hop in a
BGP routing database and install the new route in the data plane in order to redirect the traffic”, wherein looking for alternative route and installing the new route after receiving the massage is an indication that the message has been verified); See also ¶0034 where the router 12D installs alternative route after receiving an “Aggregation-Exception” NLRI update from router 12C,
and refraining, by the second AS, from using the first AS to propagate the data to the victim AS (¶0028, “This approach makes use of the longest-prefix matching
forwarding lookup idea and installs the longer prefix in the data plane in order to redirect traffic to a more specific route”, wherein installing the longer prefix in order to redirect traffic to a more specific route is interpreted as refraining from using the first AS to propagate data to the victim AS).
Regarding claim 3, Mada in view of Heitz and further in view of Capelle and further in view of Strebe discloses the method of claim 2.
Strebe further discloses wherein the second AS verifies the message based on a certificate (¶0142, “...In some implementations, a secure connection with the source of a NOTX message may be established, and verification performed based on an x.509 security certificate. In some implementations, a connection may be established with a SMTP email host and its connection string information may be verified.”).
Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of applicant’s claimed invention to modify the method of Mada, Heitz, Capelle, and Strebe to include validation of AS information using a certificate as disclosed by Strebe and be motivated in doing so in order to allows human administrators to inspect blocking lists along any route on the Internet to determine with certainty whether or not a networking issue from which they may be suffering is related to a NOTX block-Strebe ¶0143.
Regarding claim 11, Mada in view of Heitz and further in view of Capelle and further in view of Strebe discloses the non-transitory computer-readable medium of claim 10.
Strebe further discloses wherein the second AS verifies the message based on a certificate (¶0142, “...In some implementations, a secure connection with the source of a NOTX message may be established, and verification performed based on an x.509 security certificate. In some implementations, a connection may be established with a SMTP email host and its connection string information may be verified.”).
Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of applicant’s claimed invention to modify the method of Mada, Heitz, Capelle, and Strebe to include validation of AS information using a certificate as disclosed by Strebe and be motivated in doing so in order to allows human administrators to inspect blocking lists along any route on the Internet to determine with certainty whether or not a networking issue from which they may be suffering is related to a NOTX block-Strebe ¶0143.
Regarding claim 10, Mada in view of Heitz and further in view of Capelle and further in view of Strebe discloses the non-transitory computer-readable medium of claim 9.
Mada further discloses wherein the instructions, when executed, further cause the one or more processors to:
verify, by the second AS (¶0026, FIG.5, AS 400), that the message originates from the victim AS (¶0028, “Upon receiving the message, the peers look for the alternative next-hop in a
BGP routing database and install the new route in the data plane in order to redirect the traffic”, wherein looking for alternative route and installing the new route after receiving the massage is an indication that the message has been verified); See also ¶0034 wherein the router 12D installs alternative route after receiving an “Aggregation-Exception” NLRI update from router 12C, and
refrain, by the second AS, from using the first AS to propagate the data to the victim AS (¶0028, “This approach makes use of the longest-prefix matching
forwarding lookup idea and installs the longer prefix in the data plane in order to redirect traffic to a more specific route”, wherein installing the longer prefix in order to redirect traffic to a more specific route is interpreted as refraining from using the first AS to propagate data to the victim AS).
Regarding claim 4, Mada in view of Heitz and further in view of Capelle and further in view of Strebe discloses the method of claim 2.
Mada further discloses wherein the second AS refrains from using the first AS by routing the data through an alternate AS (¶0028, “the peers look for the alternative next-hop in a BGP routing database and install the new route in the data plane in order to redirect the traffic”), and (¶0034, “The router 12D receives this NLRI and installs an alternate NH for this prefix in the data plane”, wherein installing alternate route and redirecting traffic is understood as refraining from using the first AS by routing the data through alternate AS).
Regarding claim 12, Mada in view of Heitz and further in view of Capelle and further in view of Strebe discloses the non-transitory computer-readable medium of claim 10.
Mada further discloses wherein the second AS refrains from using the first AS by routing the data through an alternate AS (¶0028, “the peers look for the alternative next-hop in a BGP routing database and install the new route in the data plane in order to redirect the traffic”), and (¶0034, “The router 12D receives this NLRI and installs an alternate NH for this prefix in the data plane”, wherein installing alternate route and redirecting traffic is understood as refraining from using the first AS by routing the data through alternate AS).
Regarding claim 5, Mada in view of Heitz and further in view of Capelle and further in view of Strebe discloses the method of claim 4.
Mada further discloses wherein the alternate AS is not in the set of one or more AS numbers to avoid (¶0027, FIG. 5, wherein an alternate route is installed between AS 500 and AS 200 after blackhole between AS 300 and AS 200, this alternate route is inherently not in the set of one or more AS numbers to avoid). See also ¶0031, FIG. 6 and ¶0034, FIG. 8 for similar alternate routes installed between AS as a result of blackhole along the path between two autonomous systems, these routes are not to be avoided).
Regarding claim 13, Mada in view of Heitz and further in view of Capelle and further in view of Strebe discloses the non-transitory computer-readable medium of claim 12.
Mada further discloses wherein the alternate AS is not in the set of one or more AS numbers to avoid (¶0027, FIG. 5, wherein an alternate route is installed between AS 500 and AS 200 after blackhole between AS 300 and AS 200, this alternate route is inherently not in the set of one or more AS numbers to avoid). See also ¶0031, FIG. 6 and ¶0034, FIG. 8 for similar alternate routes installed between AS as a result of blackhole along the path between two autonomous systems, these routes are not to be avoided).
Regarding claim 6, Mada in view of Heitz and further in view of Capelle and further in view of Strebe discloses the method of claim 1.
Mada further discloses wherein the second AS is in a separate network from the victim AS (FIG. 5, wherein AS400 (second AS) network is different from the networks of AS200, AS300, AS500 and AS100).
Regarding claim 14, Mada in view of Heitz and further in view of Capelle and further in view of Strebe discloses the non-transitory computer-readable medium of claim 9.
Mada further discloses wherein the second AS is in a separate network from the victim AS (FIG. 5, wherein AS400 (second AS) network is different from the networks of AS200, AS300, AS500 and AS100).
Regarding claim 18, Mada in view of Heitz and further in view of Capelle and further in view of Strebe discloses the system of claim 17.
Mada further discloses wherein the second AS is in a separate network from the victim AS (FIG. 5, wherein AS400 (second AS) network is different from the networks of AS200, AS300, AS500 and AS100).
Regarding claim 8, Mada in view of Heitz and further of Capelle and further in view of Strebe discloses the method of claim 1.
Mada further discloses wherein the first AS is associated with a potential network attack (¶0027, FIG. 5, “There is a fault 24 which causes the traffic from the device 14 to be blackholed at the router 12C since there is no route to the router 12B from the router 12C”, wherein AS300 (first AS) is associated with blackholing which is interpreted as potential network attack as packets are dropped or discarded before getting to their destination).
Regarding claim 16, Mada in view of Heitz and further in view of Capelle and further in view of Strebe discloses the non-transitory computer-readable medium of claim 9.
Mada further discloses wherein the first AS is associated with a potential network attack (¶0027, FIG. 5, “There is a fault 24 which causes the traffic from the device 14 to be blackholed at the router 12C since there is no route to the router 12B from the router 12C”, wherein AS300 (first AS) is associated with blackholing which is interpreted as potential network attack as packets are dropped or discarded before getting to their destination).
Regarding claim 20, Mada in view of Heitz and further in view of Capelle and further in view of Strebe discloses the system of claim 17.
Mada further discloses wherein the first AS is associated with a potential network attack (¶0027, FIG. 5, “There is a fault 24 which causes the traffic from the device 14 to be blackholed at the router 12C since there is no route to the router 12B from the router 12C”, wherein AS300 (first AS) is associated with blackholing which is interpreted as potential network attack as packets are dropped or discarded before getting to their destination).
Regarding claim 7, Mada in view of Heitz and further in view of Capelle and further in view of Strebe discloses the method of claim 1.
Mada further discloses AS300 which is associated with blackholing attack Paragraph 27, FIG. 5. and
Strebe further discloses wherein the first AS is a malicious autonomous system (AS)
(¶0096-¶0098, “After implementing NOTX requests within its own local AS network, a NOTX coordinator may then determine an AS network that is along a network path between a network router and the malicious source… In some implementations a NOTX Coordinator for a local End-User Network is configured to publish its NOTX blocking rules to AS networks included in a configuration. In some implementations, the NOTX coordinator will perform a "Trace Route" operation to detect a list of ISP Autonomous Systems between itself and each malicious source…”)
Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of applicant’s invention to modify the method of Mada, Heitz, Capelle, and Strebe to include malicious autonomous system as disclosed by Strebe and be motivated in doing so in order to eliminate a denial-of-service attack traffic-Strebe abstract in parts.
Regarding claim 15, Mada in view of Heitz and further in view of Capelle and further in view of Strebe discloses the non-transitory computer-readable medium of claim 9.
Mada further discloses AS300 which is associated with blackholing attack Paragraph 27, FIG. 5. and
Strebe further discloses wherein the first AS is a malicious autonomous system (AS) (¶0096-¶0098, “After implementing NOTX requests within its own local AS network, a NOTX coordinator may then determine an AS network that is along a network path between a network router and the malicious source… In some implementations a NOTX Coordinator for a local End-User Network is configured to publish its NOTX blocking rules to AS networks included in a configuration. In some implementations, the NOTX coordinator will perform a "Trace Route" operation to detect a list of ISP Autonomous Systems between itself and each malicious source…”).
Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of applicant’s invention to modify the non-transitory computer-readable medium of Mada, Heitz, Capelle, and Strebe to include malicious autonomous system as disclosed by Strebe and be motivated in doing so in order to eliminate a denial-of-service attack traffic-Strebe abstract in parts.
Regarding claim 19, Mada in view of Heitz and further in view of Capelle and further in view of Strebe discloses the system of claim 17.
Mada further discloses AS300 which is associated with blackholing attack Paragraph 27, FIG. 5. and
Strebe further discloses wherein the first AS is a malicious autonomous system (AS) (¶0096-¶0098, “After implementing NOTX requests within its own local AS network, a NOTX coordinator may then determine an AS network that is along a network path between a network router and the malicious source… In some implementations a NOTX Coordinator for a local End-User Network is configured to publish its NOTX blocking rules to AS networks included in a configuration. In some implementations, the NOTX coordinator will perform a "Trace Route" operation to detect a list of ISP Autonomous Systems between itself and each malicious source…”)
Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of applicant’s invention to modify the system of Mada, Heitz, Capelle, and Strebe to include malicious autonomous system as disclosed by Strebe and be motivated in doing so in order to eliminate a denial-of-service attack traffic-Strebe abstract in parts.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MUDASIRU K OLAEGBE whose telephone number is (571)272-2082. The examiner can normally be reached MON-FRI. 7.30AM-5.30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached at 5712723739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MUDASIRU K OLAEGBE/Examiner, Art Unit 2495