Prosecution Insights
Last updated: April 19, 2026
Application No. 18/544,272

VIRTUAL NETWORK DISTRIBUTED DENIAL-OF-SERVICE SCRUBBER

Final Rejection §103
Filed: Dec 18, 2023
Examiner: KIM, TAE K
Art Unit: 2496
Tech Center: 2400 — Computer Networks
Assignee: Oracle International Corporation
OA Round: 2 (Final)
Grant Probability: 74% (Favorable)
OA Rounds: 3-4
To Grant: 3y 8m
With Interview: 80%

Examiner Intelligence

Grants 74% — above average
Career Allow Rate: 74% (486 granted / 653 resolved; +16.4% vs TC avg)
Interview Lift: +5.6% (Moderate +6% lift; resolved cases with interview)
Avg Prosecution: 3y 8m (typical timeline; 30 currently pending)
Total Applications: 683 (career history, across all art units)

Statute-Specific Performance

§101: 11.5% (-28.5% vs TC avg)
§103: 39.7% (-0.3% vs TC avg)
§102: 26.2% (-13.8% vs TC avg)
§112: 15.8% (-24.2% vs TC avg)
Black line = Tech Center average estimate • Based on career data from 653 resolved cases

Office Action

§103
DETAILED ACTION

This Action is in consideration of the Applicant’s response on December 9, 2025. Claims 1 – 8, 13, and 14 are amended by the Applicant. Claims 1 – 20, where Claims 1, 13, and 18 are in independent form, are presented for examination.

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement

The information disclosure statement (IDS) submitted on December 9, 2025 was filed before the mailing date of the current action. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Response to Arguments

Applicant's arguments filed December 9, 2025 have been fully considered but they are moot based on the new grounds of rejection necessitated by amendment. However, no amendments were made to Claim 18, and the arguments presented are only regarding amended limitations present in Claims 1 and 13. Therefore, the rejections of Claims 18 – 20 are maintained.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.

Claim(s) 18 – 20 are rejected under 35 U.S.C. 103 as being anticipated by PGPub. 2021/0144517 (hereinafter “Bernat”), in view of PGPub. 2018/0255095 (hereinafter “Doron”).

1. Regarding Claim 18, Bernat discloses of a method, comprising: monitoring network traffic received by a plurality of network resources in one or more overlay networks provided by a cloud service provider infrastructure, the network traffic destined for a first compute instance [Para. 0884, 0933-934]; based at least in part on the monitoring, initiating a protected mode for a first network resource from the plurality of network resources to protect the first network resource from a potential distributed denial of service (DDoS) attack, the first network resource being associated with the first compute instance [Para. 0932-933]; and while the first network resource is in the protected mode, causing one or more packets destined for the first compute instance to be redirected.

Bernat, however, does not specifically disclose of redirecting the one or more packets to a DDoS scrubber system.

Doron discloses of a system and method for mitigating DDoS attacks within a cloud network [Fig. 1; Para. 0023, 0026]. Doron further discloses that if a potential DDoS attack is detected, the traffic is redirected to a cloud scrubbing center (DDoS scrubber system) [Par. 0024].

It would have been obvious to one skilled in the art before the effective filing date of the current invention to incorporate the teachings of Doron with Bernat since both systems monitor traffic directed to resources in a cloud environment. The combination enables the use of a mitigation technique known in the art for DDoS attacks. The motivation to do so is to protect the cloud system from potential harmful traffic while enabling clean traffic through to the appropriate destinations in a unified manner [Doron; Para. 0010].

2. Regarding Claim 19, Bernat, in view of Doron, discloses the limitations of Claim 18.
The combination of Bernat and Doron further discloses that the first network resource is a network virtualization device (NVD) implementing a first virtual network interface card (VNIC) associated with the first compute instance in a first overlay network from the one or more overlay networks, wherein the first VNIC enables the first compute instance to be part of the first overlay network, wherein the first VNIC is associated with a first overlay address configured for the first compute instance, wherein the first overlay address is associated with a substrate address associated with the NVD [Bernat; Fig. 32; Para. 0540-544]; initiating the protected mode for the NVD comprises: creating a first shadow VNIC corresponding to the first VNIC associated with the first compute instance [Doron; Para. 0023-24], associating the first overlay address with the first shadow VNIC [Doron; Para. 0023-24], associating the first shadow VNIC with a substrate address associated with the DDoS scrubber system [Doron; Para. 0023-24], and publishing, to the one or more overlay networks provided by the cloud service provider infrastructure, information indicative of the set of one or more shadow VNICs [Doron; Para. 0023-24]; causing one or more packets to be redirected to the DDoS scrubber system comprises: for a first packet in the one or more packets, the first packet being destined for the first overlay address configured for the first compute instance [Doron; Para. 0023-24], determining that, for the first overlay address, the first packet is to be sent to the substrate address associated with the DDoS scrubber system [Doron; Para. 0023-24], and sending the first packet to the DDoS scrubber system [Doron; Para. 0023-24]; and the DDoS scrubber system determines whether the first packet is to be forwarded to the NVD [Doron; Para. 0023-24].

3. Regarding Claim 20, Bernat, in view of Doron, discloses the limitations of Claim 18.
The combination of Bernat and Doron further discloses that the first network resource is a virtual network interface card (VNIC) associated with the first compute instance in a first overlay network from the one or more overlay networks, wherein the VNIC enables the first compute instance to be part of the first overlay network, wherein the VNIC is associated with a first overlay address configured for the first compute instance, wherein the first overlay address is associated with a substrate address associated with a network virtualization device (NVD) implementing the VNIC [Bernat; Fig. 32; Para. 0540-544]; initiating the protected mode for the VNIC comprises: creating a shadow VNIC corresponding to the VNIC associated with the first compute instance [Doron; Para. 0023-24], associating the first overlay address with the shadow VNIC [Doron; Para. 0023-24], associating the shadow VNIC with a substrate address associated with the DDoS scrubber system [Doron; Para. 0023-24], and publishing, to the one or more overlay networks provided by the cloud service provider infrastructure, information indicative of the set of one or more shadow VNICs [Doron; Para. 0023-24]; causing one or more packets to be redirected to the DDoS scrubber system comprises: for a first packet in the one or more packets, the first packet being destined for the first overlay address configured for the first compute instance, determining that, for the first overlay address, the first packet is to be sent to the substrate address associated with the DDoS scrubber system [Doron; Para. 0023-24], and sending the first packet to the DDoS scrubber system [Doron; Para. 0023-24]; and the DDoS scrubber system determines whether the first packet is to be forwarded to the NVD [Doron; Para. 0023-24].

Claim(s) 1 – 17 are rejected under 35 U.S.C. 103 as being unpatentable over Bernat, in view of Doron, in further view of PGPub. 2015/0301844 (hereinafter “Droux”).

4. Regarding Claim 1, Bernat discloses of a method, comprising: monitoring network traffic received by a network virtualization device (NVD) in a cloud service provider infrastructure, the NVD executing a set of one or more virtual network interface cards (VNICs) associated with a set of one or more compute instances in one or more overlay networks provided by the cloud service provider infrastructure, the network traffic destined for at least one compute instance from the set of one or more compute instances [Para. 0884, 0933-934]; based at least in part on the monitoring, initiating a protected mode for the NVD to protect the NVD from a potential distributed denial of service (DDoS) attack [Para. 0932-933]; and while the NVD is in the protected mode, causing one or more packets destined for the set of one or more compute instances to be redirected.

Bernat, however, does not specifically disclose that the initiating comprises deploying in a DDoS scrubber system, one or more shadow VNICs associated with the one or more VNICs included in the NVD or of redirected to the one or more shadow VNICs included in the DDoS scrubber system instead of being sent to the NVD, wherein the one or more packets are redirected by updating VNIC mappings of another NVD that is associated with a source of the one or more packets.

Doron discloses of a system and method for mitigating DDoS attacks within a cloud network [Fig. 1; Para. 0023, 0026]. Doron further discloses that if a potential DDoS attack is detected, the traffic is redirected to a cloud scrubbing center (DDoS scrubber system) [Par. 0024].

It would have been obvious to one skilled in the art before the effective filing date of the current invention to incorporate the teachings of Doron with Bernat since both systems monitor traffic directed to resources in a cloud environment. The combination enables the use of a mitigation technique known in the art for DDoS attacks.
The motivation to do so is to protect the cloud system from potential harmful traffic while enabling clean traffic through to the appropriate destinations in a unified manner [Doron; Para. 0010].

Doron, however, does not specifically disclose that the initiating comprises deploying one or more shadow VNICs associated with the one or more VNICs included in the NVD or that the one or more packets are redirected by updating VNIC mappings of another NVD that is associated with a source of the one or more packets.

Droux discloses a system and method of mapping virtual network functions to a virtual machine [Abstract]. Droux further discloses of deploying shadow VNICs to implement NIC virtual functions assigned to VNICs (deploying one or more shadow VNICs associated with the one or more VNICs included in the NVD) [Figs. 4A-4B; Para. 0035, 0038-40, 0043]. Droux further discloses that the virtual machines are then assigned to the shadow VNICs (one or more packets are redirected by updating VNIC mappings of another NVD that is associated with a source of the one or more packets) [Para. 0004, 0035-37].

It would have been obvious to one skilled in the art before the effective filing date of the current invention to incorporate the teachings of Droux with Bernat and Doron since the virtualization of a network function to monitor or scrub data packets can be assigned to a particular VNIC. The utilization of shadow VNICs allows the host OS to monitor, alter, or modify the VNIC and interact with the NIC resources via a NIC physical function [Droux, Para. 0034-35].

5. Regarding Claim 2, Bernat, in view of Doron and Droux, discloses the limitations of Claim 1 above.
The combination of Bernat and Doron further discloses that initiating the protected mode for the NVD comprises: determining the set of one or more VNICs executed by the NVD, the set of one or more VNICs including a first VNIC associated with a first compute instance in the set of one or more compute instances, the first VNIC associated with a first overlay address configured for the first compute instance, wherein the first overlay address is associated with a substrate address associated with the NVD [Bernat; Fig. 32; Para. 0540-544]; creating a set of one or more shadow VNICs for the set of one or more VNICs [Doron; Para. 0023-24]; associating the set of one or more shadow VNICs with the DDoS scrubber system [Doron; Para. 0023-24]; and publishing, to the one or more overlay networks provided by the cloud service provider infrastructure, information indicative of the set of one or more shadow VNICs [Doron; Para. 0023-24].

6. Regarding Claim 3, Bernat, in view of Doron and Droux, discloses the limitations of Claim 2 above. Doron further discloses that causing the one or more packets destined for the set of one or more compute instances to be redirected to the DDoS scrubber system comprises redirecting the one or more packets to the DDoS scrubber system due to the set of one or more shadow VNICs [Para. 0023-24].

7. Regarding Claim 4, Bernat, in view of Doron and Droux, discloses the limitations of Claim 2 above. The combination of Bernat and Doron further discloses that the set of one or more VNICs contains a plurality of VNICs [Bernat; Fig. 32; Para. 0540-544]; and the set of one or more shadow VNICs contains a single shadow VNIC [Doron; Para. 0023-24].

8. Regarding Claim 5, Bernat, in view of Doron and Droux, discloses the limitations of Claim 2 above. The combination of Bernat and Doron further discloses that the set of one or more VNICs contains a plurality of VNICs [Bernat; Fig. 32; Para. 0540-544]; and the set of one or more shadow VNICs contains a plurality of shadow VNICs, the plurality of shadow VNICs comprising a shadow VNIC corresponding to each VNIC in the plurality of VNICs [Doron; Para. 0023-24].

9. Regarding Claim 6, Bernat, in view of Doron and Droux, discloses the limitations of Claim 2 above. The combination of Bernat and Doron further discloses that the set of one or more VNICs contains a plurality of VNICs [Bernat; Fig. 32; Para. 0540-544]; and the set of one or more shadow VNICs contains a plurality of shadow VNICs, wherein a number of shadow VNICs in the plurality of shadow VNICs is less than a number of VNICs in the plurality of VNICs [Doron; Para. 0023-24].

10. Regarding Claim 7, Bernat, in view of Doron and Droux, discloses the limitations of Claim 2 above. Doron further discloses that the DDoS scrubber system includes at least one of a host machine configured to implement at least one shadow VNIC from the set of one or more shadow VNICs or at least one NVD configured to implement at least one shadow VNIC from the set of one or more shadow VNICs [Figs. 2 and 7; Para. 0023-25].

11. Regarding Claim 8, Bernat, in view of Doron and Droux, discloses the limitations of Claim 2 above. Doron further discloses that creating the set of one or more shadow VNICs for the set of one or more VNICs comprises: creating a first shadow VNIC corresponding to the first VNIC associated with the first compute instance [Para. 0023-25], and associating the first overlay address with the first shadow VNIC [Para. 0023-25]; and associating the set of one or more shadow VNICs with the DDoS scrubber system comprises associating the first shadow VNIC with a substrate address associated with the DDoS scrubber system [Para. 0023-25].

12. Regarding Claim 9, Bernat, in view of Doron and Droux, discloses the limitations of Claim 8 above.
Doron further discloses that causing the one or more packets to be redirected to the DDoS scrubber system comprises: for a first packet in the one or more packets, the first packet being destined for the first overlay address configured for the first compute instance [Para. 0023-25]; determining that, for the first overlay address, the first packet is to be sent to the substrate address associated with the DDoS scrubber system [Para. 0023-25]; and sending the first packet to the DDoS scrubber system [Para. 0023-25].

13. Regarding Claim 10, Bernat, in view of Doron and Droux, discloses the limitations of Claim 1 above. Doron further discloses of performing, by the DDoS scrubber system, at least one action on at least one of the one or more packets [Para. 0023-25]; wherein the performing comprises dropping the one or more packets, throttling the one or more packets, or forwarding the one or more packets to the NVD [Para. 0023-25].

14. Regarding Claim 11, Bernat, in view of Doron and Droux, discloses the limitations of Claim 2 above. Doron further discloses that the potential distributed denial of service (DDoS) attack is determined when the network traffic is above a predetermined threshold comprising greater than 80% average link utilization for consecutive minutes or bursts of 100% or higher link utilization in consecutive minutes [Para. 0047, 0063].

15. Regarding Claim 12, Bernat, in view of Doron and Droux, discloses the limitations of Claim 2 above. Bernat further discloses of exiting the protected mode for the NVD; and after the exiting, for any packet destined for a compute instance from the set of one or more compute instances, sending the packet to the NVD instead of redirecting the packet to the DDoS scrubber system [Para. 0932-934].

16. Regarding Claim 13, Bernat discloses of a method, comprising: monitoring network traffic received by a first virtual network interface card (VNIC) associated with a first compute instance in an overlay network provided by a cloud service provider infrastructure, the network traffic destined for the first compute instance [Para. 0884, 0933-934]; based at least in part on the monitoring, initiating a protected mode for the first VNIC to protect the first VNIC from a potential distributed denial of service (DDoS) attack [Para. 0932-933]; and while the first VNIC is in the protected mode, causing one or more packets destined for the first compute instance to be redirected wherein the first VNIC is associated with a first overlay address configured for the first compute instance, and the first overlay address is associated with a substrate address associated with the NVD implementing the first VNIC [Para. 0530, 0540-543].

Bernat, however, does not specifically disclose that the initiating comprises deploying in a DDoS scrubber system, a first shadow VNIC associated with the first VNIC or that the one or more packets are redirected by updating a VNIC mapping of another NVD that is associated with a source of the one or more packets.

Doron discloses of a system and method for mitigating DDoS attacks within a cloud network [Fig. 1; Para. 0023, 0026]. Doron further discloses that if a potential DDoS attack is detected, the traffic is redirected to a cloud scrubbing center (DDoS scrubber system) [Par. 0024].

It would have been obvious to one skilled in the art before the effective filing date of the current invention to incorporate the teachings of Doron with Bernat since both systems monitor traffic directed to resources in a cloud environment. The combination enables the use of a mitigation technique known in the art for DDoS attacks.
The motivation to do so is to protect the cloud system from potential harmful traffic while enabling clean traffic through to the appropriate destinations in a unified manner [Doron; Para. 0010].

Doron, however, does not specifically disclose that the initiating comprises deploying a first shadow VNIC associated with the first VNIC or that the one or more packets are redirected by updating a VNIC mapping of another NVD that is associated with a source of the one or more packets.

Droux discloses a system and method of mapping virtual network functions to a virtual machine [Abstract]. Droux further discloses of deploying shadow VNICs to implement NIC virtual functions assigned to VNICs (deploying a first shadow VNIC associated with the first VNIC) [Figs. 4A-4B; Para. 0035, 0038-40, 0043]. Droux further discloses that the virtual machines are then assigned to the shadow VNICs (one or more packets are redirected by updating VNIC mappings of another NVD that is associated with a source of the one or more packets) [Para. 0004, 0035-37].

It would have been obvious to one skilled in the art before the effective filing date of the current invention to incorporate the teachings of Droux with Bernat and Doron since the virtualization of a network function to monitor or scrub data packets can be assigned to a particular VNIC. The utilization of shadow VNICs allows the host OS to monitor, alter, or modify the VNIC and interact with the NIC resources via a NIC physical function [Droux, Para. 0034-35].

17. Regarding Claim 14, Bernat, in view of Doron and Droux, discloses the limitations of Claim 13. Doron further discloses that initiating the protected mode for the first VNIC comprises: creating a first shadow VNIC corresponding to the first VNIC associated with the first compute instance [Para. 0023-24]; associating the first overlay address with the first shadow VNIC [Para. 0023-24]; associating the first shadow VNIC with a substrate address associated with the DDoS scrubber system [Para. 0023-24]; and publishing, to the overlay network provided by the cloud service provider infrastructure, information indicative of the first shadow VNIC [Para. 0023-24].

18. Regarding Claim 15, Bernat, in view of Doron and Droux, discloses the limitations of Claim 14. Doron further discloses that causing one or more packets to be redirected to the DDoS scrubber system comprises: for a first packet in the one or more packets, the first packet being destined for the first overlay address configured for the first compute instance [Para. 0023-24]; determining that, for the first overlay address, the first packet is to be sent to the substrate address associated with the DDoS scrubber system [Para. 0023-24]; and sending the first packet to the DDoS scrubber system [Para. 0023-24].

19. Regarding Claim 16, Bernat, in view of Doron and Droux, discloses the limitations of Claim 14. Doron further discloses that the DDoS scrubber system includes at least one host machine configured to implement the first shadow VNIC or at least one NVD configured to implement the first shadow VNIC [Figs. 2 and 7; Para. 0023-25].

20. Regarding Claim 17, Bernat, in view of Doron and Droux, discloses the limitations of Claim 14. Doron further discloses of performing, by the DDoS scrubber system, at least one action on the one or more packets [Para. 0023-25]; wherein the performing comprises dropping the one or more packets, throttling the one or more packets, or forwarding the one or more packets to the NVD [Para. 0023-25].

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.

Contacts

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Tae K. Kim, whose telephone number is (571) 270-1979. The examiner can normally be reached on Monday - Friday (10:00 AM - 6:30 PM EST).

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jorge Ortiz-Criado, can be reached on (571) 272-7624. The fax phone number for submitting all Official communications is (703) 872-9306. The fax phone number for submitting informal communications such as drafts, proposed amendments, etc., may be faxed directly to the examiner at (571) 270-2979.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free).

/TAE K KIM/
Primary Examiner, Art Unit 2496

Prosecution Timeline

Dec 18, 2023: Application Filed
Jun 10, 2025: Non-Final Rejection — §103
Dec 09, 2025: Response Filed
Jan 08, 2026: Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12598064
ESTABLISHING TRUST BY A COMMUNITY OF VEHICLES
2y 5m to grant Granted Apr 07, 2026
Patent 12591655
SYSTEMS AND METHODS OF PROTECTING SECRETS IN USE WITH CONTAINERIZED APPLICATIONS
2y 5m to grant Granted Mar 31, 2026
Patent 12574241
TECHNIQUES FOR MANUAL VERIFICATION
2y 5m to grant Granted Mar 10, 2026
Patent 12561470
DATA PROTECTION VIA ATTRIBUTES-BASED AGGREGATION
2y 5m to grant Granted Feb 24, 2026
Patent 12562898
NATIVE APPLICATION INTEGRATION IN DATA SYSTEM
2y 5m to grant Granted Feb 24, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.


Prosecution Projections

Expected OA Rounds: 3-4
Grant Probability: 74%
With Interview: 80% (+5.6%)
Median Time to Grant: 3y 8m
PTA Risk: Moderate
Based on 653 resolved cases by this examiner. Grant probability derived from career allow rate.
