Office Action Predictor
Last updated: April 16, 2026
Application No. 18/631,514

SYSTEMS AND METHODS TO REDIRECT DDOS ATTACK USING REMOTE MITIGATION TOOLS

Final Rejection §103
Filed
Apr 10, 2024
Examiner
KIM, HEE SOO
Art Unit
2443
Tech Center
2400 — Computer Networks
Assignee
Centurylink Intellectual Property LLC
OA Round
2 (Final)
79%
Grant Probability
Favorable
3-4
OA Rounds
2y 12m
To Grant
78%
With Interview

Examiner Intelligence

Grants 79% — above average
79%
Career Allow Rate
430 granted / 545 resolved
+20.9% vs TC avg
Minimal -0% lift
Without
With
+-0.5%
Interview Lift
resolved cases with interview
Typical timeline
2y 12m
Avg Prosecution
34 currently pending
Career history
579
Total Applications
across all art units

Statute-Specific Performance

§101
14.1%
-25.9% vs TC avg
§103
43.9%
+3.9% vs TC avg
§102
21.2%
-18.8% vs TC avg
§112
11.4%
-28.6% vs TC avg
Black line = Tech Center average estimate • Based on career data from 545 resolved cases

Office Action

§103
DETAILED ACTION This action is responsive to amendment filed on November 25th, 2025. Claims 1~4 and 6~18 are examined. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant’s arguments with respect to claims 1~4 and 6~18 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Claim Rejections - 35 USC § 103 The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action. Claims 1, 3, 4, 6, 7, and 11~18 are rejected under 35 U.S.C. 103 as being unpatentable over Shapira et al. hereinafter Shapira (U.S 2017/0366577) in view of Sawyer et al. hereinafter Sawyer (U.S 2020/0267086). Regarding Claim 1, Shapira taught a system comprising: a first network device, in a first autonomous system, the first network device comprising at least one processing circuit and memory, and being configured [¶4, incoming/outgoing Internet traffic for an organization can be routed through scrubbing centers by the organization's edge router announcing that the scrubbing centers' autonomous system (AS) is the owner of the organization's IP range; Note: implies the packet traverses through different AS belonging to other organizations]: to receive a packet, comprising a request for a service, from a request source [¶42, Fig. 5, end user 120 sends request intended for protected server 170]; to modify a source address of the packet to an address of the first network device [¶42, replace the source address of the end user 120 (1.1.1.1) with a spoofed source IP address (3.3.3.3)]. to modify a destination address of the packet to an address of a second network device in a second autonomous system, different from the first autonomous system [¶42, replace the destination address (the public IP address, 1.1.1.2) with the true, private IP address of the protected server (1.2.3.4)]; and to send the packet to the second network device [¶42, Fig. 5, ‘510’]. Shapira did not specifically teach wherein the modifying of the source address, the modifying of the destination address, and the sending of the packet to the second network device are in response to determining that a load on the first network device has exceeded a threshold. Sawyer taught wherein the modifying of the source address, the modifying of the destination address, and the sending of the packet to the second network device are in response to determining that a load on the first network device has exceeded a threshold [¶88, process 1000 may include determining traffic, load, and/or clients to shift from the impacted site; traffic shaping device 910 may identify that the impacted site is experiencing 5% load in excess of a steady state load threshold. Traffic shaping device 910 may identify a subset of clients that are suspected of attacking the impacted site with a distributed denial of service (DDoS); ¶92, process 1000 may include converting the addressing of the selected one or more entries from the second address space of the secondary shadow Anycast network to the corresponding addressing in the first address space of the primary Anycast network; ¶93, process 1000 may also include modifying one or more entries of DNS servers to facilitate the traffic shift based on the newly advertised Anycast addressing]. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was made, to combine,Sawyer’s teaching of limitations with the teachings of Shapira, because the combination would control traffic flow and rate-limit malicious traffic to prevent network saturation, ensuring services remain available. Regarding Claim 3, Shapira taught wherein the request for a service is a request for a Domain Name Service lookup [¶33, the end user 120 may look up the IP address of the protected network using a name service]. Regarding Claim 4, Shapira taught wherein the first network device comprises a Domain Name Service server [¶33, using a name service implies a DNS server]. Regarding Claim 6, Shapira taught wherein the modifying of the source address, the modifying of the destination address, and the sending of the packet to the second network device are further in response to receiving, by the first network device, an indication that an attack on the first network device is in progress [¶34, traffic considered illegitimate or malicious is dropped 407 by the scrubbing center 140 and thus never reaches the protected network 160]. Regarding Claim 7, Shapira taught further comprising a threat intelligence system configured to send the indication to the first network device [¶34, scrubbing center]. Regarding Claim 11, Shapira taught wherein the first network device is further configured: to receive a response to the request from the second network device; and to send the response to the request source [¶43, Fig. 5, response 515]. Regarding Claim 12, Shapira taught wherein the first network device is further configured, before sending the response to the request source: to modify a source address of the response; and to modify a destination address of the response to an address of the request source [¶43, Fig. 5, response 520]. Regarding Claim 13, Shapira taught wherein the first network device is further configured: to receive the packet from the second network device; and to send a response to the second network device [¶43, Fig. 5]. Regarding Claim 14, Shapira wherein the first network device is further configured: to receive the response from the second network device; and to send the response to the request source [¶43, Fig. 5]. Regarding Claim 15, Shapira taught wherein the first network device is further configured, before sending the response to the request source: to modify a source address of the response; and to modify a destination address of the response to an address of the request source [¶43, Fig. 5]. Regarding Claim 16, Shapira taught wherein the first network device is further configured: to receive the packet from the second network device; and to send a response to the request source [¶43, Fig. 5]. Regarding Claims 17 and 18, the claims are similar in scope to claims 1, 3, and 6 respectively and therefore, rejected under the same rationale. Claims 2 and 8~10 are rejected under 35 U.S.C. 103 as being unpatentable over Shapira and Sawyer in view of Prakash et al. hereinafter Prakash (U.S 2014/0304412). Regarding Claim 2, Shapira-Sawyer-Prakash taught wherein the first network device is configured: to receive a plurality of packets including the packet; and to send the packets, in round-robin fashion, to a plurality of devices in one or more autonomous systems, including the second autonomous system, different from the first autonomous system [¶278, engine 548 may select the server according to a round robin method]. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was made, to combine, Prakash’s teaching of limitations with the teachings of Shapira, because the combination would allow the user configure individual policies for different client locations and configure different levels of granularity for preferred backup locations [¶289]. Regarding Claim 8, Shapira-Sawyer-Prakash taught wherein the first network device is further configured to include, in the packet, a packet identifier identifying the packet [¶208, tuples of information associated with a network packet]. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was made, to combine, Prakash’s teaching of limitations with the teachings of Shapira, because the combination would enable receive processing to be balanced across multiple processors in the system while maintaining in-order delivery of the data [¶205]. Regarding Claim 9, Shapira-Sawyer-Prakash taught wherein the packet identifier is a port number, the port number being part of the source address [¶208, tuples of information associated with a network packet includes source TCP port and destination TCP port]. The rationale to combine as discussed in claim 8, applies here as well. Regarding Claim 10, Shapira-Sawyer-Prakash taught wherein the packet identifier is a Domain Name Service transaction identifier [¶299, the use of DNS resolver]. The rationale to combine as discussed in claim 8, applies here as well. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to HEE SOO KIM whose telephone number is (571)270-3229. The examiner can normally be reached M-F 9AM-5PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas Taylor can be reached on (571) 272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /H.K/Primary Examiner, Art Unit 2443 /HEE SOO KIM/Primary Examiner, Art Unit 2443
Read full office action

Prosecution Timeline

Apr 10, 2024
Application Filed
Aug 27, 2025
Non-Final Rejection — §103
Nov 25, 2025
Response Filed
Jan 09, 2026
Final Rejection — §103
Apr 09, 2026
Notice of Allowance
Apr 09, 2026
Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12592968
Cloud-based deception technology with granular scoring for breach detection
2y 5m to grant Granted Mar 31, 2026
Patent 12587522
DATA CLASSIFICATION LABEL MANAGEMENT AND ACCESS CONTROL
2y 5m to grant Granted Mar 24, 2026
Patent 12587573
REPORTING OF DELTA CHANNEL QUALITY INDICATOR (CQI)-MODULATION AND CODING SCHEME (MCS) INFORMATION
2y 5m to grant Granted Mar 24, 2026
Patent 12579296
DATA SECURITY TRANSACTIONS USING SOFTWARE CONTAINER MACHINE READABLE CONFIGURATION DATA
2y 5m to grant Granted Mar 17, 2026
Patent 12574245
HEALTHCARE DATA MANAGEMENT METHOD AND APPARATUS USING HASH VALUES ON CLOUD SERVER
2y 5m to grant Granted Mar 10, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
79%
Grant Probability
78%
With Interview (-0.5%)
2y 12m
Median Time to Grant
Moderate
PTA Risk
Based on 545 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month