Prosecution Insights
Last updated: April 19, 2026
Application No. 18/744,473

APPARATUS FOR DISTRIBUTED DENIAL OF SERVICE (DDOS) DETECTION AND MITIGATION

Final Rejection §102 §103 §DP
Filed: Jun 14, 2024
Examiner: COULTER, KENNETH R
Art Unit: 2445
Tech Center: 2400 — Computer Networks
Assignee: Charter Communications Operating LLC
OA Round: 2 (Final)
Grant Probability: 87% (Favorable)
OA Rounds: 3-4
To Grant: 3y 2m
With Interview: 82%

Examiner Intelligence

Grants 87% — above average
Career Allow Rate: 87% (729 granted / 841 resolved; +28.7% vs TC avg)
Interview Lift: +-4.8% (minimal -5% lift; resolved cases with interview)
Avg Prosecution: 3y 2m (typical timeline; 7 currently pending)
Total Applications: 848 (career history, across all art units)

Statute-Specific Performance

§101: 16.8% (-23.2% vs TC avg)
§103: 17.6% (-22.4% vs TC avg)
§102: 38.3% (-1.7% vs TC avg)
§112: 9.9% (-30.1% vs TC avg)
Based on career data from 841 resolved cases

Office Action

§102 §103 §DP
DETAILED ACTION

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments

Applicant's arguments filed 09/10/2025 have been fully considered but they are not persuasive.

35 USC 103 rejection: Applicant argues that “the self flow set each element, the flow threshold THR, and the aggregate flow set each element of Luo do not anticipate or render obvious an ‘assigned bandwidth per customer’” and the “self flow set each element, the flow threshold THR, and the aggregate flow set each element of Luo do not anticipate or render obvious ‘currently used bandwidth per customer’”. Examiner disagrees. The “flow threshold THR” can reasonably be interpreted as an assigned bandwidth and the “each element in its own flow set MTRS” can be reasonably interpreted as currently used bandwidth per customer. Therefore, the 35 USC 103 rejection is maintained.

35 USC 102 rejection: Applicant states that Kang “does not disclose or suggest ‘comparing, by a controller, for a plurality of internet service provider customers, assigned bandwidth per customer to currently used bandwidth per customer, to determine at least one given customer of the plurality of internet service provider customers putatively suffering from a distributed denial of service attack”. Examiner disagrees. The “allocating bandwidth of a network, which detects excessive traffic of a specific user” (paragraph 5) of Kang reasonably demonstrates currently used bandwidth per customer and “providing a balance in the usage of the network resources” (paragraph 5) of Kang reasonably demonstrates “assigned bandwidth” claimed in independent claims 1, 14, 25, and 26. Therefore, the 35 USC 102 rejection is maintained.

The claim informalities have been overcome due to the amendment dated 09/10/2025. The 35 USC 101 rejection has been overcome due to the amendment dated 09/10/2025. Applicant has deferred “resolution of the double patenting rejection until patentable subject matter is agreed upon”.

Double Patenting

The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).

The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1 – 31 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 – 31 of U.S. Patent No. 12,052,280. Although the claims at issue are not identical, they are not patentably distinct from each other because of the mapping below.

Claim 1 of the present Application maps to claim 1 of ‘280.

1. A method comprising: comparing, by a controller, for a plurality of internet service provider customers, assigned bandwidth per customer to currently used bandwidth per customer, to determine at least one given customer of the plurality of internet service provider customers putatively suffering from a distributed denial of service attack (“comparing, by the controller, for the plurality of internet service provider customers, the assigned bandwidth per customer to the currently used bandwidth per customer, to determine at least one given customer of the plurality of internet service provider customers putatively suffering from a distributed denial of service attack”); and the controller initiating at least one remedial action for the at least one given customer of the plurality of internet service provider customers putatively suffering from the distributed denial of service attack (“the controller initiating at least one remedial action for the at least one given customer of the plurality of internet service provider customers putatively suffering from the distributed denial of service attack”).

Claim 2 of the present Application maps to claim 2 of ‘280.

2. The method of Claim 1, further comprising the controller determining, for the plurality of internet service provider customers, a projected bandwidth per customer, wherein the comparing step further comprises comparing the currently used bandwidth per customer to the projected bandwidth per customer (“The method of claim 1, further comprising the controller determining, for the plurality of internet service provider customers, a projected bandwidth per customer, wherein the comparing step further comprises comparing the currently used bandwidth per customer to the projected bandwidth per customer”).

Claim 3 of the present Application maps to claim 3 of ‘280.

3. The method of Claim 2, wherein the controller determining, for the plurality of internet service provider customers, the projected bandwidth per customer comprises the controller determining the projected bandwidth per customer using machine learning (“The method of claim 2, wherein the controller determining, for the plurality of internet service provider customers, the projected bandwidth per customer comprises the controller determining the projected bandwidth per customer using machine learning”).

Claim 4 of the present Application maps to claim 4 of ‘280.

4. The method of Claim 3, wherein the controller determining, for the plurality of internet service provider customers, the projected bandwidth per customer using machine learning comprises the controller carrying out inferencing with a trained neural network, the trained neural network being trained on historical data to project the bandwidth per customer based on measured data (“The method of claim 3, wherein the controller determining, for the plurality of internet service provider customers, the projected bandwidth per customer using the machine learning comprises the controller carrying out inferencing with a trained neural network, the trained neural network being trained on historical data to project the bandwidth per customer based on measured data”).

Claim 5 of the present Application maps to claim 5 of ‘280.

5. The method of Claim 4, further comprising training the neural network on the historical data to project the bandwidth per customer (“The method of claim 4, further comprising training the neural network on the historical data to project the bandwidth per customer”).

Claim 6 of the present Application maps to claim 6 of ‘280.

6. The method of Claim 5, further comprising updating the training of the neural network over time for those of the plurality of customers other than the at least one given customer putatively suffering from the distributed denial of service attack (“The method of claim 5, further comprising updating the training of the neural network over time for those of the plurality of customers other than the at least one given customer putatively suffering from the distributed denial of service attack”).

Claim 7 of the present Application maps to claim 7 of ‘280.

7. The method of Claim 3, wherein the comparing step comprises determining that the at least one given customer putatively suffers from the distributed denial of service attack when the currently used bandwidth per customer for the at least one given customer exceeds the projected bandwidth per customer for the at least one given customer and the currently used bandwidth per customer for the at least one given customer is at least equal to: the assigned bandwidth per customer for the at least one given customer; and an additional applied amount (“The method of claim 4, wherein the comparing step comprises determining that the at least one given customer putatively suffers from the distributed denial of service attack when the currently used bandwidth per customer for the at least one given customer exceeds the projected bandwidth per customer for the at least one given customer and the currently used bandwidth per customer for the at least one given customer is at least equal to: the assigned bandwidth per customer for the at least one given customer; and an additional applied amount”).

Claim 8 of the present Application maps to claim 8 of ‘280.

8. The method of Claim 7, wherein, in the comparing step, the additional applied amount is determined multiplicatively (“The method of claim 7, wherein, in the comparing step, the additional applied amount is determined multiplicatively”).

Claim 9 of the present Application maps to claim 9 of ‘280.

9. The method of Claim 7, wherein, in the comparing step, the additional applied amount is determined additively (“The method of claim 7, wherein, in the comparing step, the additional applied amount is determined additively”).

Claim 10 of the present Application maps to claim 10 of ‘280.

10. The method of Claim 7, wherein the at least one remedial action initiated by the controller comprises the controller pushing a configuration to a plurality of peering entry points to cause the plurality of peering entry points to block at least one of an IP address and a port associated with the putative distributed denial of service attack (“The method of claim 7, wherein the at least one remedial action initiated by the controller comprises the controller pushing a configuration to the plurality of peering entry points to cause the plurality of peering entry points to block at least one of an IP address and a port associated with the putative distributed denial of service attack”).

Claim 11 of the present Application maps to claim 11 of ‘280.

11. The method of Claim 10, further comprising the plurality of peering entry points blocking the at least one of an IP address and a port associated with the putative distributed denial of service attack in accordance with the pushed configuration (“The method of claim 10, further comprising the plurality of peering entry points blocking the at least one of an IP address and a port associated with the putative distributed denial of service attack in accordance with the pushed configuration”).

Claim 12 of the present Application maps to claim 12 of ‘280.

12. The method of Claim 10, wherein: the controller comprises a core logic module, a machine learning module coupled to the core logic module, and a configuration push module coupled to the core logic module; the machine learning module implements the trained neural network; the controller comparing, for the plurality of internet service provider customers, the assigned bandwidth per customer to the currently used bandwidth per customer and the currently used bandwidth per customer to the projected bandwidth per customer comprises the core logic module obtaining the assigned bandwidth per customer from the customer profile collector, the core logic module obtaining the currently used bandwidth per customer from the IP flows collector, the core logic module obtaining the projected bandwidth per customer from the machine learning module, and the core logic module comparing the assigned bandwidth per customer to the currently used bandwidth per customer and the currently used bandwidth per customer to the projected bandwidth per customer; and the controller initiating the at least one remedial action comprises the configuration push module pushing the configuration (“The method of claim 10, wherein: the controller comprises a core logic module, an IP flows collector coupled to the core logic module, a customer profile collector coupled to the core logic module, a machine learning module coupled to the core logic module, and a configuration push module coupled to the core logic module; the controller obtaining the assigned bandwidth per customer for the plurality of internet service provider customers comprises the customer profile collector querying the at least one provisioning database; the machine learning module implements the trained neural network; the controller obtaining the currently used bandwidth per customer comprises the IP flows collector obtaining the currently used bandwidth per customer from the plurality of peering entry points of the internet service provider; the controller comparing, for the plurality of internet service provider customers, the assigned bandwidth per customer to the currently used bandwidth per customer and the currently used bandwidth per customer to the projected bandwidth per customer comprises the core logic module obtaining the assigned bandwidth per customer from the customer profile collector, the core logic module obtaining the currently used bandwidth per customer from the IP flows collector, the core logic module obtaining the projected bandwidth per customer from the machine learning module, and the core logic module comparing the assigned bandwidth per customer to the currently used bandwidth per customer and the currently used bandwidth per customer to the projected bandwidth per customer; and the controller initiating the at least one remedial action comprises the configuration push module pushing the configuration”).

Claim 13 of the present Application maps to claim 13 of ‘280.

13. The method of Claim 12, further comprising displaying, on a graphical user interface, data related to the putative distributed denial of service attack (“The method of claim 12, further comprising displaying, on a graphical user interface, data related to the putative distributed denial of service attack”).

Claim 14 of the present Application maps to claim 14 of ‘280.

14. A system comprising: a memory (“A system comprising: a memory”); and at least one processor, coupled to the memory, and operative to (“and at least one processor, coupled to the memory, and operative to”): compare, for a plurality of internet service provider customers, assigned bandwidth per customer to currently used bandwidth per customer, to determine at least one given customer of the plurality of internet service provider customers putatively suffering from a distributed denial of service attack (“compare, for the plurality of internet service provider customers, the assigned bandwidth per customer to the currently used bandwidth per customer, to determine at least one given customer of the plurality of internet service provider customers putatively suffering from a distributed denial of service attack”); and initiate at least one remedial action for the at least one given customer of the plurality of internet service provider customers putatively suffering from the distributed denial of service attack (“and initiate at least one remedial action for the at least one given customer of the plurality of internet service provider customers putatively suffering from the distributed denial of service attack”).

Claim 15 of the present Application maps to claim 15 of ‘280.

15. The system of Claim 14, wherein the at least processor is further operative to determine, for the plurality of internet service provider customers, a projected bandwidth per customer, wherein the comparing further comprises comparing the currently used bandwidth per customer to the projected bandwidth per customer (“The system of claim 14, wherein the at least one processor is further operative to determine, for the plurality of internet service provider customers, a projected bandwidth per customer, wherein the comparing further comprises comparing the currently used bandwidth per customer to the projected bandwidth per customer”).

Claim 16 of the present Application maps to claim 16 of ‘280.

16. The system of Claim 15, wherein the at least processor is operative to determine, for the plurality of internet service provider customers, the projected bandwidth per customer using machine learning (“The system of claim 15, wherein the at least one processor is operative to determine, for the plurality of internet service provider customers, the projected bandwidth per customer using machine learning”).

Claim 17 of the present Application maps to claim 17 of ‘280.

17. The system of Claim 16, wherein the at least processor implements a trained neural network, and wherein the at least one processor is operative to determine, for the plurality of internet service provider customers, the projected bandwidth per customer, using machine learning, by carrying out inferencing with the trained neural network, the trained neural network being trained on historical data to project the bandwidth per customer based on measured data (“The system of claim 16, wherein the at least one processor implements a trained neural network, and wherein the at least one processor is operative to determine, for the plurality of internet service provider customers, the projected bandwidth per customer, using the machine learning, by carrying out inferencing with the trained neural network, the trained neural network being trained on historical data to project the bandwidth per customer based on measured data”).

Claim 18 of the present Application maps to claim 18 of ‘280.

18. The system of Claim 17, wherein the at least processor is further operative to train the neural network on the historical data to project the bandwidth per customer (“The system of claim 17, wherein the at least one processor is further operative to train the neural network on the historical data to project the bandwidth per customer”).

Claim 19 of the present Application maps to claim 19 of ‘280.

19. The system of Claim 18, wherein the at least processor is further operative to update the training of the neural network over time for those of the plurality of customers other than the at least one given customer putatively suffering from the distributed denial of service attack (“The system of claim 18, wherein the at least one processor is further operative to update the training of the neural network over time for those of the plurality of customers other than the at least one given customer putatively suffering from the distributed denial of service attack”).

Claim 20 of the present Application maps to claim 20 of ‘280.

20. The system of Claim 16, wherein the at least one processor is operative to determine that the at least one given customer putatively suffers from the distributed denial of service attack when the currently used bandwidth per customer for the at least one given customer exceeds the projected bandwidth per customer for the at least one given customer and the currently used bandwidth per customer for the at least one given customer is at least equal to: the assigned bandwidth per customer for the at least one given customer; and an additional applied amount (“The system of claim 17, wherein the at least one processor is operative to determine that the at least one given customer putatively suffers from the distributed denial of service attack when the currently used bandwidth per customer for the at least one given customer exceeds the projected bandwidth per customer for the at least one given customer and the currently used bandwidth per customer for the at least one given customer is at least equal to: the assigned bandwidth per customer for the at least one given customer; and an additional applied amount”).

Claim 21 of the present Application maps to claim 21 of ‘280.

21. The system of Claim 20, wherein the at least one processor is operative to initiate the at least one remedial action by pushing a configuration to a plurality of peering entry points to cause the plurality of peering entry points to block at least one of an IP address and a port associated with the putative distributed denial of service attack (“The system of claim 20, wherein the at least one processor is operative to initiate the at least one remedial action by pushing a configuration to the plurality of peering entry points to cause the plurality of peering entry points to block at least one of an IP address and a port associated with the putative distributed denial of service attack”).

Claim 22 of the present Application maps to claim 22 of ‘280.

22. The system of Claim 21, further comprising the plurality of peering entry points, wherein the plurality of peering entry points are configured to blocking the at least one of an IP address and a port associated with the putative distributed denial of service attack in accordance with the pushed configuration (“The system of claim 21, further comprising the plurality of peering entry points, wherein the plurality of peering entry points are configured to blocking the at least one of an IP address and a port associated with the putative distributed denial of service attack in accordance with the pushed configuration”).

Claim 23 of the present Application maps to claim 23 of ‘280.

23. The system of Claim 21, wherein: the at least one processor is operative to instantiate a core logic module, a machine learning module coupled to the core logic module, and a configuration push module coupled to the core logic module; a controller comprises the core logic module, the machine learning module coupled to the core logic module, and the configuration push module coupled to the core logic module; the machine learning module implements the trained neural network; the controller comparing, for the plurality of internet service provider customers, the assigned bandwidth per customer to the currently used bandwidth per customer and the currently used bandwidth per customer to the projected bandwidth per customer comprises the core logic module obtaining the assigned bandwidth per customer from the customer profile collector, the core logic module obtaining the currently used bandwidth per customer from the IP flows collector, the core logic module obtaining the projected bandwidth per customer from the machine learning module, and the core logic module comparing the assigned bandwidth per customer to the currently used bandwidth per customer and the currently used bandwidth per customer to the projected bandwidth per customer; and the controller initiating the at least one remedial action comprises the configuration push module pushing the configuration (“The system of claim 21, wherein: the at least one processor is operative to instantiate a core logic module, an IP flows collector coupled to the core logic module, a customer profile collector coupled to the core logic module, a machine learning module coupled to the core logic module, and a configuration push module coupled to the core logic module; a controller comprises the core logic module, the IP flows collector coupled to the core logic module, the customer profile collector coupled to the core logic module, the machine learning module coupled to the core logic module, and the configuration push module coupled to the core logic module; the controller obtaining the assigned bandwidth per customer for the plurality of internet service provider customers comprises the customer profile collector querying the at least one provisioning database; the machine learning module implements the trained neural network; the controller obtaining the currently used bandwidth per customer comprises the IP flows collector obtaining the currently used bandwidth per customer from the plurality of peering entry points of the internet service provider; the controller comparing, for the plurality of internet service provider customers, the assigned bandwidth per customer to the currently used bandwidth per customer and the currently used bandwidth per customer to the projected bandwidth per customer comprises the core logic module obtaining the assigned bandwidth per customer from the customer profile collector, the core logic module obtaining the currently used bandwidth per customer from the IP flows collector, the core logic module obtaining the projected bandwidth per customer from the machine learning module, and the core logic module comparing the assigned bandwidth per customer to the currently used bandwidth per customer and the currently used bandwidth per customer to the projected bandwidth per customer; and the controller initiating the at least one remedial action comprises the configuration push module pushing the configuration”).

Claim 24 of the present Application maps to claim 24 of ‘280.

24. The system of Claim 23, wherein the at least one processor is further operative to cause display, on a graphical user interface, of data related to the putative distributed denial of service attack (“The system of claim 23, wherein the at least one processor is further operative to cause display, on a graphical user interface, of data related to the putative distributed denial of service attack”).

Claim 25 of the present Application maps to claim 25 of ‘280.

25. A non-transitory computer readable medium comprising processor executable instructions which when executed by a processor cause the processor to perform the method of (“A non-transitory computer readable medium comprising processor executable instructions which when executed by a processor cause a processor to perform the method of”): comparing, for a plurality of internet service provider customers, assigned bandwidth per customer to currently used bandwidth per customer, to determine at least one given customer of the plurality of internet service provider customers putatively suffering from a distributed denial of service attack (“comparing, for the plurality of internet service provider customers, the assigned bandwidth per customer to the currently used bandwidth per customer, to determine at least one given customer of the plurality of internet service provider customers putatively suffering from a distributed denial of service attack”); and initiating at least one remedial action for the at least one given customer of the plurality of internet service provider customers putatively suffering from the distributed denial of service attack (“initiating at least one remedial action for the at least one given customer of the plurality of internet service provider customers putatively suffering from the distributed denial of service attack”).

Claim 26 of the present Application maps to claim 26 of ‘280.

26. A hardware system comprising (“A system comprising”): a core logic module, implemented using at least one hardware device, configured to compare, for a plurality of internet service provider customers, assigned bandwidth per customer to currently used bandwidth per customer, to determine at least one given customer of the plurality of internet service provider customers putatively suffering from a distributed denial of service attack (“a core logic module, coupled to the customer profile collector and the IP flows collector, and configured to compare, for the plurality of internet service provider customers, the assigned bandwidth per customer to the currently used bandwidth per customer, to determine at least one given customer of the plurality of internet service provider customers putatively suffering from a distributed denial of service attack”); and a configuration push module, coupled to the core logic module, and configured to initiate at least one remedial action for the at least one given customer of the plurality of internet service provider customers putatively suffering from the distributed denial of service attack (“a configuration push module, coupled to the core logic module, and configured to initiate at least one remedial action for the at least one given customer of the plurality of internet service provider customers putatively suffering from the distributed denial of service attack”).

Claim 27 of the present Application maps to claim 27 of ‘280.

27. The hardware system of Claim 26, further comprising: a machine learning module, implementing a trained neural network, coupled to the core logic module, and configured to determine, for the plurality of internet service provider customers, a projected bandwidth per customer, by carrying out inferencing with the trained neural network, the trained neural network being trained on historical data to project the bandwidth per customer based on measured data; wherein the core logic module is further configured to compare the currently used bandwidth per customer to the projected bandwidth per customer to determine the at least one given customer of the plurality of internet service provider customers putatively suffering from the distributed denial of service attack (“The system of claim 26, further comprising: a machine learning module, implementing a trained neural network, coupled to the core logic module, and configured to determine, for the plurality of internet service provider customers, a projected bandwidth per customer, by carrying out inferencing with the trained neural network, the trained neural network being trained on historical data to project the bandwidth per customer based on measured data; wherein the core logic module is further configured to compare the currently used bandwidth per customer to the projected bandwidth per customer to determine the at least one given customer of the plurality of internet service provider customers putatively suffering from the distributed denial of service attack”).

Claim 28 of the present Application maps to claim 28 of ‘280.

28. The hardware system of Claim 27, wherein the core logic module is configured to determine the at least one given customer of the plurality of internet service provider customers putatively suffering from the distributed denial of service attack when the currently used bandwidth per customer for the at least one given customer exceeds the projected bandwidth per customer for the at least one given customer and the currently used bandwidth per customer for the at least one given customer is at least equal to: the assigned bandwidth per customer for the at least one given customer; and an additional applied amount (“The system of claim 27, wherein the core logic module is configured to determine the at least one given customer of the plurality of internet service provider customers putatively suffering from the distributed denial of service attack when the currently used bandwidth per customer for the at least one given customer exceeds the projected bandwidth per customer for the at least one given customer and the currently used bandwidth per customer for the at least one given customer is at least equal to: the assigned bandwidth per customer for the at least one given customer; and an additional applied amount”).

Claim 29 of the present Application maps to claim 29 of ‘280.

29. The hardware system of Claim 28, wherein the configuration push module is configured to initiate the at least one remedial action for the at least one given customer of the plurality of internet service provider customers putatively suffering from the distributed denial of service attack by pushing a configuration to the plurality of peering entry points to cause the plurality of peering entry points to block at least one of an IP address and a port associated with the putative distributed denial of service attack (“The system of claim 28, wherein the configuration push module is configured to initiate the at least one remedial action for the at least one given customer of the plurality of internet service provider customers putatively suffering from the distributed denial of service attack by pushing a configuration to the plurality of peering entry points to cause the plurality of peering entry points to block at least one of an IP address and a port associated with the putative distributed denial of service attack”).

Claim 30 of the present Application maps to claim 30 of ‘280.

30. The hardware system of Claim 29, further comprising the plurality of peering entry points, wherein the plurality of peering entry points are configured to block the at least one of an IP address and a port associated with the putative distributed denial of service attack in accordance with the pushed configuration (“The system of claim 29, further comprising the plurality of peering entry points, wherein the plurality of peering entry points are configured to block the at least one of an IP address and a port associated with the putative distributed denial of service attack in accordance with the pushed configuration”).

Claim 31 of the present Application maps to claim 31 of ‘280.

31.
The hardware system of Claim 30, further comprising a graphical user interface coupled to the core logic module and configured to display data related to the putative distributed denial of service attack (“The system of claim 30, further comprising a graphical user interface coupled to the core logic module and configured to display data related to the putative distributed denial of service attack”). The current claim language is not rejected under statutory double patenting because the independent claims of the present Application are broader than the claim language in ‘280. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 14, 25, and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Luo et al. (CN 112866243 A (English translation)) (DDoS Attack Detection Method Based on Single Packet Traceability) in view of Kang et al. (U.S. Pat. Pub. No. 2014/0355440) (Method and Apparatus for Bandwidth Allocation in Network to Enhance Balance Thereof). 1.1 Regarding claim 1, Luo disclose the method comprising: comparing, by a controller, for a plurality of internet service provider customers, assigned bandwidth per customer to currently used bandwidth per customer, to determine at least one given customer of the plurality of internet service provider customers putatively suffering from a distributed denial of service attack (Fig. 
3; Abstract “DDoS attack detection method based on single packet traceability”; p. 5, bottom paragraph “step 302, comparing each element in its own flow set MTRS with the flow threshold THR, and adding the autonomous domain node corresponding to the flow quantity greater than the threshold value to the abnormal autonomous domain set AA”). However, Luo do not disclose the controller initiating at least one remedial action for the at least one given customer of the plurality of internet service provider customers putatively suffering from the distributed denial of service attack. In the same filed of invention, Kang teach controller initiating at least one remedial action for the at least one given customer of the plurality of internet service provider customers putatively suffering from the distributed denial of service attack (paragraph 27 “fairly allocate a network resource … it is possible to make the reduction of the management costs for the network bandwidth and prevent the network resources from occupying primarily for some users owing to excessive P2P or DDoS (Distributed Denial of Service) attack”; paragraph 40 “the traffic respond unit 130 notices a possibility of occurrence of DDoS (Distributed Denial of Service) attacks and moves the specific source IP address which incurs the excessive packets to the black list group”). Examiner notes that Kang discloses DDoS attack detection (paragraph 17 “inform the possibility of the occurrence of DDoS (Distributed Denial of Service) attack”). It would have been obvious to one of ordinary skill in the art at the time of filing to combine the remedial action of Kang with the DDoS attack detection of Luo since the remediation of a DDoS attack is commonplace and advantageous for proper operation of the invention of Luo. 1.2 Per claims 14, 25, and 26, the rejection of claim 1 under 35 USC 103 applies fully. 
Claim Rejections - 35 USC § 102

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1, 14, 25 and 26 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Kang et al. (U.S. Pat. Pub. No. 2014/0355440) (Method and Apparatus for Bandwidth Allocation in Network to Enhance Balance Thereof).
2.1 Regarding claim 1, Kang disclose a method comprising: comparing, by a controller, for a plurality of internet service provider customers, assigned bandwidth per customer to currently used bandwidth per customer, to determine at least one given customer of the plurality of internet service provider customers putatively suffering from a distributed denial of service attack (paragraph 5 “allocating bandwidth of a network, which detects excessive traffic of a specific user in a router or switch stage on an IP network and controls the excessive traffic so that the services requested by other users can be maintained, thereby providing a balance in the usage of the network resources”; paragraph 27 “fairly allocate a network resource by actively coping with the increase in the amount of network usage for a particular user … prevent the network resources from occupying primarily for some users owing to excessive P2P or DDoS (distributed Denial of Service) attack”; paragraph 17 “inform the possibility of the occurrence of DDoS (Distributed Denial of Service) attack”); and the controller initiating at least one remedial action for the at least one given customer of the plurality of internet service provider customers putatively suffering from the distributed denial of service attack (paragraph 27 “fairly allocate a network resource … it is possible to make the reduction of the management costs for the network bandwidth and prevent the network resources from occupying primarily for some users owing to excessive P2P or DDoS (Distributed Denial of Service) attack”; paragraph 40 “the traffic respond unit 130 notices a possibility of occurrence of DDoS (Distributed Denial of Service) attacks and moves the specific source IP address which incurs the excessive packets to the black list group”).

2.2 Per claim 14, Kang teach a system comprising: a memory (paragraph 50 “Because the computer program instructions may be stored in a computer using memory or computer readable memory”); and at least one processor, coupled to the memory (paragraph 50 “processor … Because the computer program instructions may be stored in a computer using memory or computer readable memory”), and operative to: compare, for a plurality of internet service provider customers, assigned bandwidth per customer to currently used bandwidth per customer, to determine at least one given customer of the plurality of internet service provider customers putatively suffering from a distributed denial of service attack (paragraph 5 “allocating bandwidth of a network, which detects excessive traffic of a specific user in a router or switch stage on an IP network and controls the excessive traffic so that the services requested by other users can be maintained, thereby providing a balance in the usage of the network resources”; paragraph 27 “fairly allocate a network resource by actively coping with the increase in the amount of network usage for a particular user … prevent the network resources from occupying primarily for some users owing to excessive P2P or DDoS (distributed Denial of Service) attack”; paragraph 17 “inform the possibility of the occurrence of DDoS (Distributed Denial of Service) attack”); and initiate at least one remedial action for the at least one given customer of the plurality of internet service provider customers putatively suffering from the distributed denial of service attack (paragraph 27 “fairly allocate a network resource … it is possible to make the reduction of the management costs for the network bandwidth and prevent the network resources from occupying primarily for some users owing to excessive P2P or DDoS (Distributed Denial of Service) attack”; paragraph 40 “the traffic respond unit 130 notices a possibility of occurrence of DDoS (Distributed Denial of Service) attacks and moves the specific source IP address which incurs the excessive packets to the black list group”).

2.3 Regarding claim 25, Kang disclose a non-transitory computer readable medium comprising processor executable instructions which when executed by a processor cause the processor to perform (paragraph 50 “computer readable memory”) the method of: comparing, for a plurality of internet service provider customers, assigned bandwidth per customer to currently used bandwidth per customer, to determine at least one given customer of the plurality of internet service provider customers putatively suffering from a distributed denial of service attack (paragraph 5 “allocating bandwidth of a network, which detects excessive traffic of a specific user in a router or switch stage on an IP network and controls the excessive traffic so that the services requested by other users can be maintained, thereby providing a balance in the usage of the network resources”; paragraph 27 “fairly allocate a network resource by actively coping with the increase in the amount of network usage for a particular user … prevent the network resources from occupying primarily for some users owing to excessive P2P or DDoS (distributed Denial of Service) attack”; paragraph 17 “inform the possibility of the occurrence of DDoS (Distributed Denial of Service) attack”); and initiating at least one remedial action for the at least one given customer of the plurality of internet service provider customers putatively suffering from the distributed denial of service attack (paragraph 27 “fairly allocate a network resource … it is possible to make the reduction of the management costs for the network bandwidth and prevent the network resources from occupying primarily for some users owing to excessive P2P or DDoS (Distributed Denial of Service) attack”; paragraph 40 “the traffic respond unit 130 notices a possibility of occurrence of DDoS (Distributed Denial of Service) attacks and moves the specific source IP address which incurs the excessive packets to the black list group”).

2.4 Per claim 26, Kang teach a hardware system comprising: a core logic module, implemented using at least one hardware device (paragraph 51 “the respective blocks or the respective sequences may indicate modules, segments, or …”), configured to compare, for a plurality of internet service provider customers, assigned bandwidth per customer to currently used bandwidth per customer, to determine at least one given customer of the plurality of internet service provider customers putatively suffering from a distributed denial of service attack (paragraph 5 “allocating bandwidth of a network, which detects excessive traffic of a specific user in a router or switch stage on an IP network and controls the excessive traffic so that the services requested by other users can be maintained, thereby providing a balance in the usage of the network resources”; paragraph 27 “fairly allocate a network resource by actively coping with the increase in the amount of network usage for a particular user … prevent the network resources from occupying primarily for some users owing to excessive P2P or DDoS (distributed Denial of Service) attack”; paragraph 17 “inform the possibility of the occurrence of DDoS (Distributed Denial of Service) attack”); and a configuration push module (paragraph 51 “the respective blocks or the respective sequences may indicate modules, segments, or …”), coupled to the core logic module, and configured to initiate at least one remedial action for the at least one given customer of the plurality of internet service provider customers putatively suffering from the distributed denial of service attack (paragraph 27 “fairly allocate a network resource … it is possible to make the reduction of the management costs for the network bandwidth and prevent the network resources from occupying primarily for some users owing to excessive P2P or DDoS (Distributed Denial of Service) attack”; paragraph 40 “the traffic respond unit 130 notices a possibility of occurrence of DDoS (Distributed Denial of Service) attacks and moves the specific source IP address which incurs the excessive packets to the black list group”).

Conclusion

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KENNETH R COULTER whose telephone number is (571)272-3879. The examiner can normally be reached on M-F, 9am-5pm.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar Louie can be reached on M-H, 7am-3:30pm. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KENNETH R COULTER/
Primary Examiner, Art Unit 2445
/KRC/

Prosecution Timeline

Jun 14, 2024
Application Filed
Mar 04, 2025
Non-Final Rejection — §102, §103, §DP
Sep 10, 2025
Response Filed
Oct 06, 2025
Applicant Interview (Telephonic)
Oct 07, 2025
Examiner Interview Summary
Dec 30, 2025
Final Rejection — §102, §103, §DP (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12603814
ARCHITECTURE, METHOD AND DEVICE FOR MANAGING CLOUD PLATFORM, AND STORAGE MEDIUM
2y 5m to grant Granted Apr 14, 2026
Patent 12603925
Registration Method and Apparatus for Internet of Things Device, Communication Device, Core Network Device, Storage Medium and System
2y 5m to grant Granted Apr 14, 2026
Patent 12574423
Communication Method and Method for Establishing Data Channel
2y 5m to grant Granted Mar 10, 2026
Patent 12563012
MANAGING WEBTOP RESOURCE HOSTNAME RESOLUTION
2y 5m to grant Granted Feb 24, 2026
Patent 12556598
MIXED MEDIA DATA FORMAT AND TRANSPORT PROTOCOL
2y 5m to grant Granted Feb 17, 2026

Prosecution Projections

3-4
Expected OA Rounds
87%
Grant Probability
82%
With Interview (-4.8%)
3y 2m
Median Time to Grant
Moderate
PTA Risk
Based on 841 resolved cases by this examiner. Grant probability derived from career allow rate.
