Prosecution Insights
Last updated: April 19, 2026
Application No. 18/657,504

TRAFFIC BURST CAPACITY ALLOCATION

Non-Final OA §103
Filed: May 07, 2024
Examiner: BARKER, TODD L
Art Unit: 2449
Tech Center: 2400 — Computer Networks
Assignee: Hewlett Packard Enterprise Development LP
OA Round: 2 (Non-Final)
Grant Probability: 76% (Favorable)
OA Rounds: 2-3
To Grant: 2y 4m
With Interview: 99%

Examiner Intelligence

Grants 76%, above average
Career Allow Rate: 76% (289 granted / 383 resolved; +17.5% vs TC avg)
Interview Lift: +23.4% (strong +23% interview lift; resolved cases with interview)
Typical timeline
Avg Prosecution: 2y 4m (40 currently pending)
Career history
Total Applications: 423 (across all art units)

Statute-Specific Performance

§101: 12.0% (-28.0% vs TC avg)
§103: 44.6% (+4.6% vs TC avg)
§102: 10.8% (-29.2% vs TC avg)
§112: 22.4% (-17.6% vs TC avg)
Based on career data from 383 resolved cases

Office Action

§103
Detailed Action

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. The Office Action is in response to claims filed on 11/21/2025 where claims 1-3, 5-16, and 18-20 are pending and ready for examination.

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The Examiner has withdrawn the 35 USC 112(b) rejection from the Office Action furnished on 7/31/2025.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2 and 9-12 are rejected under 35 USC 103 as being unpatentable over Kommula (US 20250211575) in view of Haddock (6,859,438)

Regarding claim 1, Kommula discloses a non-transitory machine-readable storage medium comprising instructions that upon execution cause a protection system to:

determine a measure of traffic integrity of data traffic in the computing environment based on a presence of an attack traffic in the data traffic a property of the data traffic, wherein the presence of the attack traffic is determined based on one or more of one-way traffic flow property, an error indication property, a firewall drop count property, an alert property, a host or port scan property, or a reputation property of an IP address (Kommula; Kommula derives flow evaluation metrics based on successful and failed firewall evaluations, which quantify whether traffic flows satisfy expected network behavior and therefore represent a measure of traffic integrity of the data; see e.g. [0166] “In some examples, as part of ranking the plurality of flows indicated by the telemetry data according to importance, PATE analytics unit 604 may, for each respective flow of the plurality of flows, determine importance criteria, the importance criteria including at least one of: a flow hit rate, wherein the flow hit rate includes a number of successful firewall flow evaluations for the respective flow out of a total number of evaluations for the respective flow during a time period; a related flow hit rate, wherein the related flow hit rate includes an indication of a number of successful firewall flow evaluations for one or more related flows to the respective flow out of a total number of evaluations for the one or more related flows during the time period; a flow close missed rate, wherein the flow close missed rate includes an indication of the number of failed firewall flow evaluations for the respective flow meeting an attribute threshold out of the total number of evaluations for the respective flow during the time period; or a flow criticality” see e.g. [0168] “In some examples, as part of determining the flow close missed rate, PATE analytics unit 604 may determine a first number of attributes of the respective flow that failed during a first firewall flow evaluation of the respective flow; determine that the first number of attributes meets the attribute threshold; and based on the first number of attributes meeting the attribute threshold, classify the first firewall flow evaluation of the respective flow as a close miss; determine a second number of attributes of the respective flow that failed during a second firewall flow evaluation of the respective flow; determine that the second number of attributes does not meet the attribute threshold; and based on the second number of attributes not meeting the attribute threshold, classify the second firewall flow evaluation of the respective flow as not being a close miss. In some examples, the attribute threshold is user definable”); and

responsive to determining that the measure of traffic integrity exceeds an integrity threshold, based on the determined traffic integrity in the computing environment, (Kommula; Kommula ([0166], [0168]) teaches the evaluation of traffic flows using firewall derived flow metrics and determines whether the evaluated attributes of the flow meet an attribute threshold. Because those firewall evaluation metrics indicated whether the traffic flow behaves normally or anomalously, the attribute threshold applied to those metrics functions as the claimed integrity threshold, and determining that threshold corresponds to determining that the traffic integrity metric exceeds the integrity threshold.)

Kommula does not expressly disclose: determine, based on monitoring a traffic volume in a computing environment, a baseline traffic threshold for the computing environment; allocate, based on a capacity of the protection system and the baseline traffic threshold, a burst threshold to the computing environment for adding a traffic burst capacity, wherein the protection system is configured to protect the computing environment against a distributed denial of service (DDoS) attack; allow additional traffic in the computing environment beyond the baseline traffic threshold up to the burst threshold;

However in analogous art Haddock discloses:

determine, based on monitoring a traffic volume in a computing environment, a baseline traffic threshold for the computing environment (Haddock; Haddock teaches a maximum bandwidth realized over a defined time period indicative of a baseline traffic threshold; see e.g. Column 8, Lines 16 - 22 “Maximum bandwidth is the maximum sustained bandwidth the traffic group can realize over a defined time period ...”);

allocate, based on a capacity of the protection system and the baseline traffic threshold, a burst threshold to the computing environment for adding a traffic burst capacity (Haddock teaches allocating more bandwidth (i.e. capacity) during a burst that is limited by a peak bandwidth (i.e. burst threshold); see e.g. Column 8, Lines 16 - 22 “... peak bandwidth represents the bandwidth a traffic group may utilize during a particular time interval in excess of the maximum bandwidth. The peak bandwidth parameter may be used to limit traffic bursts for the traffic group with which it is associated ...”)

Therefore it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Haddock’s capacity scheme. The motivation being the combined solution provides for incorporating a known technique resulting in increased efficiencies of managing resources during bursty traffic periods. More importantly, the combined solution provides one of ordinary skill in the art to create flexible traffic rules or policies during a denial-of-service event resulting in the handling of traffic surges associated with DDoS environments.

Kommula in view of Haddock discloses:

allocate, based on a capacity of the protection system and the baseline traffic threshold, a burst threshold to the computing environment for adding a traffic burst capacity, wherein the protection system is configured to protect the computing environment against a distributed denial of service (DDoS) attack (The combined solution provides for a DDoS Attack environment (i.e. Kommula) utilizing Haddock’s scheme; see e.g. [0113] “... a distributed denial-of-service (DDOS) attacker, external attacker, and an internal attacker use cases ...”);

responsive to determining that the measure of traffic integrity exceeds an integrity threshold, based on the determined traffic integrity in the computing environment, allow additional traffic in the computing environment beyond the baseline traffic threshold up to the burst threshold (The combined invention provides for utilizing Haddock’s burst scheme in response to the measure of traffic integrity exceeding Kommula’s integrity threshold. Haddock’s peak bandwidth parameter defines the bounded burst capacity above the baseline bandwidth thereby allowing additional traffic to be processed within a controlled burst window; The Examiner notes the post-processing of the firewall statistics used to derive the traffic integrity metric may include sorting, scaling, or normalizing metric values so that the resulting values fall within a compatible analytical range. Such normalization allows the integrity metric to be compared against the integrity threshold on a consistent scale. This processing enables range-compatible evaluation of the integrity metric relative to threshold conditions.)

Regarding claim 2, Kommula in view of Haddock discloses the non-transitory machine-readable storage medium of claim 1, wherein the traffic volume comprises traffic flows in the computing environment, and the baseline traffic threshold is a baseline flow threshold that restricts a quantity of traffic flows that are allowed, and wherein allowing the additional traffic in the computing environment comprises allowing an additional quantity of traffic flows in the computing environment beyond the baseline flow threshold up to the burst threshold (The combined solution per Independent claim 1 provides for the maximum limit as a baseline flow that restricts flows and where the peak limit provides for a burst threshold during the burst traffic period. See e.g. Haddock, Column 8, Lines 16 - 22).

Therefore it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Haddock’s capacity scheme. The motivation being the combined solution provides for incorporating a known technique resulting in increased efficiencies of managing resources during bursty traffic periods. More importantly, the combined solution provides one of ordinary skill in the art to create flexible traffic rules or policies during a denial-of-service event resulting in the handling of traffic surges associated with DDoS environments.

Regarding claim 9, Kommula in view of Haddock disclose the non-transitory machine-readable storage medium of claim 6, wherein the capacity of the protection system comprises a flow capacity, and wherein the instructions upon execution cause the protection system to (The combined solution provides for a flow capacity per Haddock’s maximum and peak limits):

determine a reserve flow capacity of the protection system based on the flow capacity of the protection system and the baseline flow thresholds (The reserve flow capacity may be equated to the peak limit – maximum limit); and

compute the burst threshold for the first zone based on the reserve flow capacity (The burst threshold is peak limit that may be achieved during burst traffic per Haddock for a first zone (Gubanov)).

Therefore it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Haddock’s capacity scheme. The motivation being the combined solution provides for incorporating a known technique resulting in increased efficiencies of managing resources during bursty traffic periods. More importantly, the combined solution provides one of ordinary skill in the art to create flexible traffic rules or policies during a denial-of-service event resulting in the handling of traffic surges associated with DDoS environments.

Regarding claim 10, Kommula in view of Haddock disclose the non-transitory machine-readable storage medium of claim 9, wherein the instructions upon execution cause the protection system to:

compute, based on the reserve flow capacity, a further burst threshold for a second zone of the plurality of zones (The combined solution provides for one of ordinary skill in the art to apply reserve capacity and burst threshold capacities in duplicate to other zones; see e.g. MPEP Duplication of Parts); and

allow, for the second zone, an establishment of a quantity of traffic flows in the second zone beyond the baseline flow threshold for the second zone up to the further burst threshold (The combined solution provides for the second to reach a peak limit per Haddock’s burst traffic scheme to surpass the maximum limit (i.e. baseline flow threshold)).

Therefore it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Haddock’s capacity scheme. The motivation being the combined solution provides for incorporating a known technique resulting in increased efficiencies of managing resources during bursty traffic periods. More importantly, the combined solution provides one of ordinary skill in the art to create flexible traffic rules or policies during a denial-of-service event resulting in the handling of traffic surges associated with DDoS environments.

Regarding claim 11, Kommula in view of Haddock disclose the non-transitory machine-readable storage medium of claim 10, wherein the further burst threshold for the second zone is different from the burst threshold for the first zone (One of ordinary skill in the art would readily recognize that different zones may be configured with different burst thresholds as a matter of system configuration or design choice. Applying different threshold values to different zones represents a predictable variation in traffic management policies and yields the expected result of controlling burst traffic according to the characteristics of each zone).

Therefore it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Haddock’s capacity scheme. The motivation being the combined solution provides for incorporating a known technique resulting in increased efficiencies of managing resources during bursty traffic periods. More importantly, the combined solution provides one of ordinary skill in the art to create flexible traffic rules or policies during a denial-of-service event resulting in the handling of traffic surges associated with DDoS environments.

Regarding claim 12, Kommula in view of Haddock disclose the non-transitory machine-readable storage medium of claim 9, wherein the instructions upon execution cause the protection system to:

allocate burst thresholds to the plurality of zones from the reserve flow capacity according to relative values of the baseline flow thresholds (One of ordinary skill in the art would recognize that the ranking of a plurality of flows according to importance as taught by Kommula ([0166]), provides relative values that may be used to configure traffic management thresholds and resource allocation policies. Based on such ranking, it would have been obvious to allocate reserve or burst capacity among zones according to those relative values, since flows of greater importance or higher ranking would predictably be assigned greater allowable traffic capacity or thresholds within the protection system).

Therefore it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Haddock’s capacity scheme. The motivation being the combined solution provides for incorporating a known technique resulting in increased efficiencies of managing resources during bursty traffic periods. More importantly, the combined solution provides one of ordinary skill in the art to create flexible traffic rules or policies during a denial-of-service event resulting in the handling of traffic surges associated with DDoS environments.

Claims 3 and 5 are rejected under 35 USC 103 as being unpatentable over Kommula in view of Haddock and in further view of Newman (US 2006/0028999)

Regarding claim 3, Kommula in view of Newman disclose the non-transitory machine-readable storage medium of claim 2,

Kommula does not expressly disclose wherein determining the baseline flow threshold is based on a count of traffic flows in the computing environment during one or more sampling intervals.

However in analogous art Newman discloses: wherein determining the baseline flow threshold is based on a count of traffic flows in the computing environment during one or more sampling intervals (Newman; see e.g. Claim 1 “1. A computer system for gathering, processing and analysis of network information resulting in presentation and visualization of packet networks in a time-dependent dynamics, comprising: at least one network interface unit, containing NIC, which collects all valid data-link network packets (or parts thereof required for gathering the statistics) and, optionally, retrieves virtual flow statistical and identity information from the packets or parts thereof; at least one information processing unit, which retrieves, (if not done by the network interface units), the virtual flow statistical and identity information from the packets/parts thereof, maps and processes the information each time-sampling interval into any configurable combination of statistics counters chosen from virtual flow, OSI layer-2 and layer-3 address, network devices, OSI levels 3, 4, 5 and 6 protocol, OSI level-7 application and aggregate-virtual-flow based counters ...”)

Therefore it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Newman’s scheme. The motivation being the combined solution provides for implementing a known technique resulting in increased efficiencies for managing network traffic.

Therefore it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Haddock’s capacity scheme. The motivation being the combined solution provides for incorporating a known technique resulting in increased efficiencies of managing resources during bursty traffic periods. More importantly, the combined solution provides one of ordinary skill in the art to create flexible traffic rules or policies

Regarding claim 5, Kommula in view of Haddock disclose the non-transitory machine-readable storage medium of claim 1, wherein the determining that the measure of traffic integrity exceeds the integrity threshold occurs at a first time (Per Independent claim 1 the traffic integrity may exceed an integrity threshold at a first initial time),

Kommula does not expressly disclose wherein the instructions upon execution cause the protection system to: determine, at a second time different from the first time, that the measure of traffic integrity is less than the integrity threshold; and responsive to determining that the measure of traffic integrity determined at the second time is less than the integrity threshold, prevent additional traffic in the computing environment beyond the baseline traffic threshold.

However in analogous art Newman discloses: determine, at a second time different from the first time (Newman teaches sampling flows at different time intervals; see e.g. Claim 1), prevent additional traffic in the computing environment (Newman; Newman teaches blocking malicious traffic; See e.g. 9. The computer system as defined in claim 1, wherein said information network interface, processing, and data storage units are configured to screen the gathered packets or their parts and/or virtual flow counters to discover signatures of viruses, worms, intrusion attempts or DOS/DDOS attacks and to trigger notification and/or dispatch blocking the virtual flows with malicious traffic.)

Therefore it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Newman’s sampling and blocking scheme. The motivation being the combined solution provides for implementing a known technique resulting in one of ordinary skill in the art to create customized policies for handling various types of traffic flows.

Kommula in view of Haddock and in further view of Newman disclose:

determine, at a second time different from the first time, that the measure of traffic integrity is less than the integrity threshold (The combined solution provides for analysis of flows at various intervals (e.g. a second time) and where there may be a case of the measure of traffic integrity is less than the integrity threshold); and

responsive to determining that the measure of traffic integrity determined at the second time is less than the integrity threshold, prevent additional traffic in the computing environment beyond the baseline traffic threshold (The combined solution provides for blocking traffic via Newman’s block scheme in response to the measure of traffic integrity at the second time is less than the integrity threshold).

Therefore it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Haddock’s capacity scheme. The motivation being the combined solution provides for incorporating a known technique resulting in increased efficiencies of managing resources during bursty traffic periods. More importantly, the combined solution provides one of ordinary skill in the art to create flexible traffic rules or policies during a denial-of-service event resulting in the handling of traffic surges associated with DDoS environments.

Claims 6, 16, 18, and 19 are rejected under 35 USC 103 as being unpatentable over Kommula in view of Haddock and in further view of Gubanov (US 20250133061)

Regarding claim 6, Kommula in view of Haddock disclose the non-transitory machine-readable storage medium of claim 1,

Kommula does not expressly disclose wherein the computing environment comprises a plurality of zones, wherein the traffic volume comprises traffic flows in respective zones of the plurality of zones, and the baseline traffic threshold is a baseline flow threshold for a first zone of the plurality of zones, the baseline flow threshold restricting a quantity of traffic flows that are allowed, wherein the measure of traffic integrity is determined for the first zone based on a property of traffic flows in the first zone, and wherein the instructions upon execution cause the protection system to: determine, based on monitoring the traffic flows in the respective zones, baseline flow thresholds for the respective zones; allocate, based on the capacity of the protection system and the baseline flow thresholds, the burst threshold to the first zone; and based on the determined measure of traffic integrity for the first zone, allow an establishment of a quantity of traffic flows in the first zone beyond the baseline flow threshold for the first zone up to the burst threshold.

However in analogous art Gubanov discloses: zones (Gubanov; Gubanov within the context of DDOS utilizes zones for traffic flows; see e.g. [0101] “... includes identifying firewall zones for each communication flow in block 326, if it is determined that the firewall uses a zone approach to protect the network at block 328” see e.g. [0104] At block 332, the communication flow matrix can be generated and defined using data from each of blocks 324 to 330. The communication flow matrix can further be utilized to generate a firewall data table that includes data categories including Sequence number (#), Source IP, Destination IP, Protocol, Destination Port, Action, Source interface or Source Zone, and Destination interface or Destination Zone)

Therefore it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Gubanov’s zones. The motivation being the combined solution provides for implementing a known technique resulting in increased efficiencies of managing DDOS. Moreover, one of ordinary skill in the art is readily able to create customized policies and/or rules regarding traffic capacity associated with DDOS.

Kommula in view of Haddock and in further view of Gubanov discloses:

wherein the computing environment comprises a plurality of zones, wherein the traffic volume comprises traffic flows in respective zones of the plurality of zones, and the baseline traffic threshold is a baseline flow threshold for a first zone of the plurality of zones, the baseline flow threshold restricting a quantity of traffic flows that are allowed (The combined solution per Gubanov provides a plurality of zones where Haddock’s baseline flow threshold provides a maximum amount of traffic flows that are allowed),

wherein the measure of traffic integrity is determined for the first zone based on a property of traffic flows in the first zone (The combined invention per Kommula provides for properties of traffic flows in a first zone), and wherein the instructions upon execution cause the protection system to:

determine, based on monitoring the traffic flows in the respective zones, baseline flow thresholds for the respective zones (The combined invention per Haddock provides for implementing baseline flow threshold (i.e. maximum limits) per each respective zone);

allocate, based on the capacity of the protection system and the baseline flow thresholds, the burst threshold to the first zone (The combined solution per Gubanov’s zone provides for implementing the maximum limit (i.e. burst threshold) for the first zone); and

based on the determined measure of traffic integrity for the first zone, allow an establishment of a quantity of traffic flows in the first zone beyond the baseline flow threshold for the first zone up to the burst threshold (The combined solution provides for a scenario resulting in achieving the maximum limit due to burst traffic (i.e. Haddock) based on Kommula’s measure of traffic integrity per a first zone (i.e. Gubanov)).

Therefore it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Haddock’s capacity scheme. The motivation being the combined solution provides for incorporating a known technique resulting in increased efficiencies of managing resources during bursty traffic periods. More importantly, the combined solution provides one of ordinary skill in the art to create flexible traffic rules or policies during a denial-of-service event resulting in the handling of traffic surges associated with DDoS environments.

Regarding claim 16, claim 16 comprises the same and/or similar subject matter as claim 6 and is considered an obvious variation; therefore it is rejected under the same rationale.

Regarding claim 18, claim 18 comprises the same and/or similar subject matter as claim 6 and is considered an obvious variation; therefore it is rejected under the same rationale.

Regarding claim 19, claim 19 comprises the same and/or similar subject matter as claim 6 and is considered an obvious variation; therefore it is rejected under the same rationale.

Claims 7-8 are rejected under 35 USC 103 as being unpatentable over Kommula in view of Haddock and in further view of Gubanov and in further view of Newman

Regarding claim 7, Kommula in view of Haddock and in further view of Gubanov disclose the non-transitory machine-readable storage medium of claim 6, wherein the instructions upon execution cause the protection system to:

determine a first measure of traffic integrity of traffic flows in the first zone during an integrity sampling interval (The combined invention per Gubanov provides for sampling flows on a periodic basis (i.e. interval) which allow one of ordinary skill in the art to conduct traffic integrity measurements in a periodic fashion (i.e. successive intervals or periods); See e.g. Gubanov [0090] At block 316, the threat management system can determine if this is the first time the threat management system is performing monitoring of the firewall data at the firewall for a time period. If determined that this is the first time for monitoring firewall data at the firewall during the time period, the threat management system can repeat the steps at block 302-block 314. If determined that this is at least the second time performing the monitoring of the firewall data at the firewall during the time period, at block 318, the routine 300 can proceed to monitor a hit count at the firewall.);

Kommula in view of Haddock and in further view of Gubanov does not expressly disclose: based on the first measure of traffic integrity of the traffic flows in the first zone during the integrity sampling interval exceeding an integrity threshold, determine the baseline flow threshold for the first zone based on a count of the traffic flows in the first zone.

Newman discloses: a count of the traffic flows (Newman; 1. A computer system for gathering, processing and analysis of network information resulting in presentation and visualization of packet networks in a time-dependent dynamics, comprising: at least one network interface unit, containing NIC, which collects all valid data-link network packets (or parts thereof required for gathering the statistics) and, optionally, retrieves virtual flow statistical and identity information from the packets or parts thereof; at least one information processing unit, which retrieves, (if not done by the network interface units), the virtual flow statistical and identity information from the packets/parts thereof, maps and processes the information each time-sampling interval into any configurable combination of statistics counters chosen from virtual flow, OSI layer-2 and layer-3 address, network devices, OSI levels 3, 4, 5 and 6 protocol, OSI level-7 application and aggregate-virtual-flow based counters;)

Therefore it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Newman’s sampling and blocking scheme. The motivation being the combined solution provides for implementing a known technique resulting in one of ordinary skill in the art to create customized policies for handling various types of traffic flows.

Kommula in view of Haddock and in further view of Gubanov and in further view of Newman disclose: based on the first measure of traffic integrity of the traffic flows in the first zone during the integrity sampling interval exceeding an integrity threshold, determine the baseline flow threshold for the first zone based on a count of the traffic flows in the first zone (The combined solution provides for associating a count of traffic flows in the first zone (Gubanov) per Newman’s counting scheme based on the measure of traffic integrity of flows in the first zone with integrity measurements also at sampled intervals).

Regarding claim 8, Kommula in view of Haddock and in further view of Gubanov disclose the non-transitory machine-readable storage medium of claim 6,

Kommula does not expressly disclose wherein the instructions upon execution cause the protection system to: determine a second measure of traffic integrity of traffic flows in the first zone during an integrity sampling interval; and based on the second measure of traffic integrity of the traffic flows in the first zone during the integrity sampling interval being less than an integrity threshold, exclude the traffic flows in the first zone from consideration in determining the baseline flow threshold for the first zone.

However in analogous art Newman discloses: sampling interval (see e.g. Claim 1 “1. A computer system for gathering, processing and analysis of network information resulting in presentation and visualization of packet networks in a time-dependent dynamics, comprising: at least one network interface unit, containing NIC, which collects all valid data-link network packets (or parts thereof required for gathering the statistics) and, optionally, retrieves virtual flow statistical and identity information from the packets or parts thereof; at least one information processing unit, which retrieves, (if not done by the network interface units), the virtual flow statistical and identity information from the packets/parts thereof, maps and processes the information each time-sampling interval into any configurable combination of statistics counters chosen from virtual flow, OSI layer-2 and layer-3 address, network devices, OSI levels 3, 4, 5 and 6 protocol, OSI level-7 application and aggregate-virtual-flow based counters ...”)

Therefore it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Newman’s scheme. The motivation being the combined solution provides for implementing a known technique resulting in increased efficiencies for managing network traffic.

Kommula in view of Haddock and in further view of Gubanov and in further view of Newman disclose:

determine a second measure of traffic integrity of traffic flows in the first zone during an integrity sampling interval (The combined solution provides for executing Kommula’s measure of traffic integrity in Gubanov’s zone at sampling intervals provided by Newman); and

based on the second measure of traffic integrity of the traffic flows in the first zone during the integrity sampling interval being less than an integrity threshold, exclude the traffic flows in the first zone from consideration in determining the baseline flow threshold for the first zone (The combined solution per Gubanov provides for blocking malicious traffic when determining Haddock’s maximum limit (i.e. baseflow threshold) based on a second measure of traffic integrity in Gubanov’s first zone; see e.g. Gubanov [0018] “... the incident response procedures may entail isolating compromised systems or blocking malicious traffic ...” see e.g. Gubanov [0059] “... isolating one or more of the client devices 124 to a location or status within the network that restricts network access, blocking a network access port ...”)

Therefore it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Haddock’s capacity scheme. The motivation being the combined solution provides for incorporating a known technique resulting in increased efficiencies of managing resources during bursty traffic periods. More importantly, the combined solution provides one of ordinary skill in the art to create flexible traffic rules or policies during a denial-of-service event resulting in the handling of traffic surges associated with DDoS environments.
Claims 13-15 and 20 are rejected under 35 USC 103 as being unpatentable over Kommula in view of Haddock and in further view of Gubanov and in further view of Anand (US 2020/0167189).

Regarding claim 13, Kommula in view of Haddock and in further view of Gubanov disclose the non-transitory machine-readable storage medium of claim 6, Kommula does not expressly disclose wherein the instructions upon execution cause the protection system to: determine that a portion of a burst capacity of the first zone as represented by the burst threshold is unused; add the portion of the burst capacity to an excess burst capacity pool that includes unused portions of burst capacities of the respective zones; and allow, for a second zone of the plurality of zones, an establishment of a quantity of traffic flows in the second zone beyond a burst threshold for the second zone using an excess burst capacity of the protection system as represented by the excess burst capacity pool.

However in analogous art Anand discloses: Burst capacity pool (Anand; see e.g. [0061] “At 220, “burst” reserves are configured. “Burst” reserves may be resources that are intentionally left undedicated to a particular node or application, and instead are used to dynamically bridge gaps that may occur between available resources ... and intermittent “spikes” or ... Disparities between “supply” and “demand” for an application may occur for any number of reasons. For example, in the context of a gaming application, ... , “burst” reserves may provide a temporary stop-gap to handle the amount of “demand” that could otherwise crash a server/node dedicated to said application. Similarly, “burst” reserves ... intrusion attempts that may incapacitate nodes in the back-end pool for varying, and unpredictable, lengths of time. In embodiments, a single “burst” reserve may service multiple applications and/or nodes.” See e.g. [0066] ... the percentage of system capacity that may be held in “burst” reserve for a given application (e.g., the amount of system capacity held in “burst” reserve for a particular application, as opposed to the “burst” reserve for the entire back-end pool), and the periods of time when an application may experience increased demand or when the application may be critical/necessary to meet business imperatives ...” See e.g. [0023] “... 4) the percentage of the back-end pool's capacity that should be reserved for “bursts” (e.g., spikes in network traffic due to anomalies, end-user engagements, potential traffic-based threats, etc.) ...” See e.g. [0080] If, at 435, it is determined that the thresholds cannot be met, the user and/or admin are notified at 445. This may occur when the back-end pool is operating at capacity, when an unexpected failure occurs, when a traffic spike occurs, etc. In embodiments, this may trigger a hot migration of an application, or node servicing the application, to a second computing environment with the resources necessary to accommodate the needed level of service. See e.g. [0081] However, if, at 435, it is determined that the current computing environment can potentially achieve the threshold, the application prioritizations, network traffic policies, or the scaling of the back-end pool may be adjusted to achieve the threshold(s). Actions to be taken to resolve unmet thresholds)

Therefore it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Anand’s pool. The motivation being the combined solution provides for the implementation of a known technique resulting in increased efficiencies in managing traffic flows.

Kommula in view of Haddock and in further view of Gubanov and in further view of Anand disclose: determine that a portion of a burst capacity of the first zone as represented by the burst threshold is unused (The combined solution per Anand as Anand teaches reserving portions of back-end pool capacity for bursts ([0023], [0080], [0081]), while Gubanov teaches organizing traffic handling across multiple zones. From such monitoring, the system is able to determine when reserved burst capacity associated with a zone is unused); add the portion of the burst capacity to an excess burst capacity pool that includes unused portions of burst capacities of the respective zones (The combined solution per Anand as Anand teaches burst capacity is supplied from a shared back-end pool. Unused burst capacity associated with a zone is returned to the shared pool, where it becomes available for other system demands); and allow, for a second zone of the plurality of zones, an establishment of a quantity of traffic flows in the second zone beyond a burst threshold for the second zone using an excess burst capacity of the protection system as represented by the excess burst capacity pool (Because Gubanov teaches multiple zones and Anand teaches burst capacity drawn from a shared pool, excess burst capacity in the pool is used by another zone when traffic flows exceed the zone’s burst threshold).

Therefore it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Haddock’s capacity scheme. The motivation being the combined solution provides for incorporating a known technique resulting in increased efficiencies of managing resources during bursty traffic periods. More importantly, the combined solution provides one of ordinary skill in the art to create flexible traffic rules or policies during a denial-of-service event resulting in the handling of traffic surges associated with DDoS environments.

Regarding claim 14, Kommula in view of Haddock and in further view of Gubanov and in further view of Anand disclose the non-transitory machine-readable storage medium of claim 13, wherein the instructions upon execution cause the protection system to: allocate an excess burst capacity of the excess burst capacity pool to the burst capacity of the first zone (The combined solution as Anand teaches a burst capacity pool drawn from shared back-end resources and used during traffic spikes ([0023], [0066], [0070], [0081]). Gubanov teaches traffic management across multiple zones, while Haddock teaches threshold-based capacity limits associated with burst traffic. Accordingly, excess burst capacity available in the pool may be allocated to the burst capacity of a zone experiencing increased traffic demand.).

Therefore it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Anand’s pool. The motivation being the combined solution provides for the implementation of a known technique resulting in increased efficiencies in managing traffic flows.

Therefore it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Haddock’s capacity scheme. The motivation being the combined solution provides for incorporating a known technique resulting in increased efficiencies of managing resources during bursty traffic periods. More importantly, the combined solution provides one of ordinary skill in the art to create flexible traffic rules or policies during a denial-of-service event resulting in the handling of traffic surges associated with DDoS environments.

Regarding claim 15, Kommula in view of Haddock and in further view of Gubanov and in further view of Anand disclose the non-transitory machine-readable storage medium of claim 14, wherein the instructions upon execution cause the protection system to: return any unused part of the excess burst capacity pool to respective zones that contributed to the excess burst capacity pool (The combined solution provides for managing burst capacity across zones using a shared burst capacity pool (Anand [0023], [0066], [0080], [0081]); Gubanov’s zones). Accordingly, unused capacity from the excess capacity is returned to the zones that contributed to the pool, consistent with the shared pool resource management)

Therefore it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Haddock’s capacity scheme. The motivation being the combined solution provides for incorporating a known technique resulting in increased efficiencies of managing resources during bursty traffic periods. More importantly, the combined solution provides one of ordinary skill in the art to create flexible traffic rules or policies during a denial-of-service event resulting in the handling of traffic surges associated with DDoS environments.

Therefore it would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Anand’s pool. The motivation being the combined solution provides for the implementation of a known technique resulting in increased efficiencies in managing traffic flows.

Regarding claim 20, claim 20 comprises the same and/or similar subject matter as claim 13 and is considered an obvious variation; therefore it is rejected under the same rationale.

Any inquiry concerning this communication or earlier communications from the Examiner should be directed to TODD L. BARKER whose telephone number is (571) 270 0257. The Examiner can normally be reached on Monday through Friday, 7:30am to 5:00pm. If attempts to reach the Examiner by telephone are unsuccessful, the Examiner's supervisor Vivek Srivastava can be reached on (571) 272 7304.

/TODD L BARKER/Primary Examiner, Art Unit 2449

Prosecution Timeline

May 07, 2024
Application Filed
Jul 12, 2025
Non-Final Rejection — §103
Nov 21, 2025
Response Filed
Mar 14, 2026
Non-Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12587583
EMBEDDED SYSTEMS, AND METHODS, HAVING SENSOR SIGNAL INTERFACES FOR IMPROVING MAINTENANCE AND DATA ACQUISITION IN MANUFACTURING OPERATIONS
2y 5m to grant Granted Mar 24, 2026
Patent 12580811
HIGHLY SCALABLE CONTAINER NETWORK INTERFACE OPERATION TO REDUCE STARTUP OVERHEAD OF FUNCTIONS
2y 5m to grant Granted Mar 17, 2026
Patent 12579097
INTER-NODE COMMUNICATION METHOD AND APPARATUS, ELECTRONIC DEVICE, AND STORAGE MEDIUM
2y 5m to grant Granted Mar 17, 2026
Patent 12568417
SUPPORT OF END-TO-END EDGE APPLICATION SERVICE CONTINUITY
2y 5m to grant Granted Mar 03, 2026
Patent 12562960
MIGRATING NETWORKING CONFIGURATIONS
2y 5m to grant Granted Feb 24, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

2-3
Expected OA Rounds
76%
Grant Probability
99%
With Interview (+23.4%)
2y 4m
Median Time to Grant
Moderate
PTA Risk
Based on 383 resolved cases by this examiner. Grant probability derived from career allow rate.
