Fastly, Inc.

Patent Trials and Appeals BoardFeb 22, 2022

2020006442 (P.T.A.B. Feb. 22, 2022)

UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 15/366,677 12/01/2016 Jo¿o Diogo Taveira Ara¿jo 683.0065 7161 76444 7590 02/22/2022 Setter Roche LLP 1860 Blake Street Suite 100 Denver, CO 80202 EXAMINER NOAMAN, BASSAM A ART UNIT PAPER NUMBER 2497 NOTIFICATION DATE DELIVERY MODE 02/22/2022 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): uspto@setterroche.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________________ Ex parte JOÃO DIOGO TAVEIRA ARAÚJO, ARTUR BERGMAN, and SEAN A. LEACH ____________________ Appeal 2020-006442 Application 15/366,677 Technology Center 2400 ____________________ Before ROBERT E. NAPPI, CATHERINE SHIANG, and CARL L. SILVERMAN, Administrative Patent Judges. NAPPI, Administrative Patent Judge. DECISION ON APPEAL Appellant1 appeals under 35 U.S.C. § 134(a) from the Examiner’s rejection of claims 1 through 20. We have jurisdiction under 35 U.S.C. § 6(b). We AFFIRM. 1 We use the word “Appellant” to refer to “applicant” as defined in 37 C.F.R. § 1.42(a) (2018). According to Appellant, Fastly, Inc. is the real party in interest. Appeal Br. 2. Appeal 2020-006442 Application 15/366,677 2 INVENTION The invention is directed to a method of attack mitigation in a content delivery network. Spec. ¶¶ 6-7. Claim 1 is reproduced below. 1. A method of operating a content delivery network (CDN) comprising a plurality of cache nodes that cache content for delivery to end user devices and a control node, the method comprising: determining, in the control node, that a network attack or malicious traffic should be mitigated; determining, in the control node, a particular function of a plurality of functions that should be executed by at least one of the plurality of cache nodes to mitigate the network attack or malicious traffic; for domain name system (DNS) translation nodes associated with the CDN, establishing address translations in the control node to translate domain names into network addresses usable by the end user devices for reaching content at the cache nodes, with portions of the network addresses comprising stenographic information, comprising information that indicates the particular function of the plurality of functions to be executed by at least one of the plurality of cache nodes; providing ones of the network addresses with the stenographic information to the end user devices responsive to domain name translation requests issued by the end user devices; responsive to content requests issued by the end user devices, determining locality information associated with the network attack or malicious traffic directed at the CDN based at least on the stenographic information in the network addresses of the content requests. Appeal Br. 12. Appeal 2020-006442 Application 15/366,677 3 EXAMINER’S REJECTIONS2 The Examiner rejects claims 1 through 8, and 11 through 18 under 35 U.S.C. § 103 as unpatentable over the combined teachings of Graham- Cumming (US 9,584,328 B1, pub. February 28, 2017), and Holloway (US 8,613,089 B1, pub. December 17, 2013). Final Act. 8-34. The Examiner rejects claims 9 and 19 under 35 U.S.C. § 103 as unpatentable over the combined teachings of Graham-Cumming, Holloway and Radlein (US 9,774,619 B1, pub. September 26, 2017). Final Act. 34-35. The Examiner rejects claims 10 and 20 under 35 U.S.C. § 103 as unpatentable over the combined teachings of Graham-Cumming, Holloway and Laurence (US 9,641,434 B1, pub. May 2, 2017). Final Act. 35-37. ANALYSIS We have reviewed Appellant’s arguments in the Appeal Brief, Reply Brief, the Examiner’s rejections, and the Examiner’s response to Appellant’s arguments. Appellant’s arguments have not persuaded us of error in the Examiner’s rejection of all of the claims under 35 U.S.C. § 103. Appellant argues, with respect to claim 1, that the Examiner’s rejection is in error as the combination of Graham-Cumming (hereinafter Graham), Holloway does not teach the claim 1 limitations of determining in the control node that a network attack should be mitigated, and determining 2 Throughout this Decision, we refer to the Appeal Brief filed June 12, 2020 (“Appeal Br.”); Reply Brief filed September 8, 2020 (“Reply Br.”); Final Office Action mailed November 4, 2019 (“Final Act.”); and the Examiner’s Answer mailed July 6, 2020 (“Ans.”). Appeal 2020-006442 Application 15/366,677 4 in the control node a particular function that should be executed by at least one cache node to mitigate the attack. Appeal Br. 7-9. In these arguments Appellant present three separate points. Appellant’s first point addresses the claim 1 limitation directed to the control node determining that a network attack should be mitigated. Appeal Br. 7. Appellant asserts that the Examiner’s findings with respect to Graham mistakes consequences for determination and that: The mere fact that a control node determined that an attack situation existed, and that subsequently a separate node performed mitigating actions does not teach that the control node determined that such mitigating action should take place. In both the text and Figures of Graham referred to by Appellee, Graham makes clear that the second portion of the operation (the enactment of mitigating actions) takes place in a second entity, namely the proxy server. See Graham at Fig. 3 and col. 8, 11. 11-20. Graham notably does not teach that the determination by the control node is anything more than a determination that “the hostname is experiencing traffic indicative of an attack.” Appellee never identifies where Graham teaches or makes obvious “determining, in the control node, that a network attack or malicious traffic should be mitigated.” Thus, Appellee fails to support a prima facie conclusion of obviousness for this claim element. Appeal Br. 7-8. Thus, the first issue presented by Appellant’s arguments is did the Examiner err in finding the combination of Graham and Holloway teaches the claim 1 limitation of determining in the control node that a network attack should be mitigated. The Examiner responds on pages 4 through 6 of the Answer. The Examiner finds that Graham teaches that the control server identifies that there is an indication of an attack by embedding information into a portion of the IP address and that this embedded information includes information Appeal 2020-006442 Application 15/366,677 5 allowing the proxy server to mitigate the attack. Ans. 4-5 (citing Graham Figs 1-3, col. 2, ll. 50-56, col. 5, ll. 20-24). Further, the Examiner states: Graham in Figure 3 (330) illustrates a conditional block. If there is embedded information indicative of an attack, then a mitigation/security action should/would take place at block (335). Appellee emphasized that that the embedded information that was initially determined by the control server gets to decide whether a mitigation should/would Figure 3 (330) or should/would not Figure 3 (340) take place. Appellee further notes that Graham discloses in Col. 8 line 15-35 that the proxy servers, i.e. cache nodes, perform the mitigation actions according to the embedded information in the IP address that was embedded by the control server, which is consistent with claim 1’s recitation where such actions are performed by the cache nodes. Ans. 5-6. We have reviewed the teachings of Graham cited by the Examiner and concur with the Examiner’s findings. Graham’s teaching that control server identifies that the traffic is indicative of an attack and provides information to mitigate the attack (see e.g. col. 7, ll. 39-42, ll. 55-67, col. 8, ll. 3-7), demonstrates that a determination of attack that should be mitigated is made. Inasmuch as Appellant’s augments are directed to the references not teaching the control node making a determination of an attack, we additionally note that Holloway discusses the control node making the determination. See Holloway (col. 6, ll. 12-20, ll. 23-30, ll. 39-42, col. 14, ll. 44-54). Thus, Appellant’ arguments have not persuaded us that the Examiner erred in finding the combination of Graham and Holloway teaches the claim 1 limitation of determining in the control node that a network attack should be mitigated. Appeal 2020-006442 Application 15/366,677 6 Appellant’s second point addresses the claim 1 limitation of the control node determining a particular function to be executed by at least one of the cache nodes to mitigate the network attack. Appeal Br. 8. Appellant argues that: Graham simply lists a number of security actions that a proxy server could take. There is no teaching in Graham that the control node is even aware of these potential actions, let alone that the control node determines a particular function rom this list. Holloway similarly states, “example mitigation actions include . . . .“ As in Graham, Holloway does not teach “determining, in the control node, a particular function” as required by claim 1. Appeal Br. 8. (citing Graham col. 8. Ll. 20-35 and Holloway col. 14, ll. 16- 30). Thus, the second issue presented by Appellant’s arguments is did the Examiner err in finding the combination of Graham and Holloway teach the claim 1 limitation of the control node determining a particular function to be executed by at least one of the cache nodes to mitigate the network attack. The Examiner responds on pages 6 through 8 of the Answer. The Examiner finds that Graham does teach that the control module determines the mitigation action to be performed as Graham teaches that the information embedded by the control module incudes configuration setting to be used to mitigate the attack. Ans. 7 (citing Graham col. 3, ll. 1-3, col. 8, ll. 20-35). Further, the Examiner identifies that “Graham does not explicitly disclose determining in the control server a particular function/action to mitigate attack” but finds that Holloway does. Ans. 7 citing Holloway Fig. 1, col. 6, ll. 16-21, col. 9, ll. 1-5, col. 14, ll. 20-30). We have reviewed the teachings of Graham and Holloway cited by the Examiner and concur with the Examiner’s findings. Claim 1 recites that Appeal 2020-006442 Application 15/366,677 7 the control module determines a particular function that should be executed to mitigate the attack. Holloway identifies that the control server may cause one or more of the mitigation actions to be performed, see col. 14, ll. 53-54, which teaches that one of the many mitigation actions is selected by the control module. We additionally note that Holloway also discloses in column 19, lines 1 through 22, a centralized server identifying an attack and communicating rules to proxy servers to rate limit and thus mitigate the attack, which also teaches the claimed determining a particular function to mitigate the attack. Thus, Appellant’s arguments have not persuaded us the Examiner erred in finding the combination of Graham and Holloway teach the claim 1 limitation of the control node determining a particular function to be executed by at least one of the cache nodes to mitigate the network attack. Appellant’s third point is that: Neither Graham nor Holloway teach any method of communicating a particular function from a control node to a cache node. Thus, one of ordinary skill in the art would have no incentive to expand the teachings of Graham and/or Holloway to cover the elements of claim 1. Even if the control node did “determine . . . a particular function,” that determination would be worthless if not communicated to the cache node to carry out. Appeal Br. 8. Appellant reasons that in Holloway both the identification and mitigation happen in the same node and thus “Graham and Holloway, either taken individually or in combination, fail to teach or suggest ‘determining, in the control node, a particular function of a plurality of functions that should be executed by at least one of the plurality of cache nodes to mitigate the network attack or malicious traffic.’” Appeal Br. 8. Appeal 2020-006442 Application 15/366,677 8 These arguments directed to the third point have not persuaded us of error in the Examiner’s rejection, as discussed above with respect to the first and second issues, we concur with the Examiner’s findings that the combination of Graham and Holloway teaches determining in the control node that a network attack should be mitigated, and determining in the control node a particular function that should be executed by at least one cache node to mitigate the attack. Further, we disagree with the premise of Appellant’s arguments that Holloway does not teach communication between the control mode and cache node or that the identification and mitigation happen at the same node. See for example Holloway’s discussion in column 6 lines 16-18, which states “the control server(s) 125 identify DoS attacks and one or more mitigation actions may be taken by the proxy server(s) 120” which shows that the identification and mitigation performed at different nodes. See also Holloway, column 19, lines 1 through 21 (which discusses the centralized server determining an attack and transmitting rules to the proxy servers to block the attack) and also column 20 line 66 through column 21, line 3 (which discusses the control module transmitting rules to the cache modules to mitigate an attack after an attack has been identified), which further show that there is communication of an attack and mitigation between the nodes. Thus, Appellant’s arguments have not persuaded us of error in the Examiner’s rejection of claim 1. Appellants have grouped claims 2 through 8 and 11 through 18 with claim 1. Appeal Br. 9. Accordingly, we sustain the Examiner’s rejection of claims 1 through 8 and 11 through 18. With respect to the Examiner’s rejections of claims 9, 10, 19, and 20, Appeal 2020-006442 Application 15/366,677 9 Appellant asserts that the rejection is in error for the reasons presented with respect to claim 1. Appeal Br. 9-10. As discussed above Appellants have not persuaded us of error in the Examiner’s rejection of claim 1. Accordingly, we sustain the Examiner’s rejections of claims 9, 10, 19, and 20 for the same reasons as claim 1. DECISION SUMMARY In summary: Claim Rejected 35 U.S.C. § Reference(s)/ Basis Affirmed Reversed 1-8, 11- 18 103 Graham- Cumming, Holloway 1-8, 11-18 9, 19 103 Graham- Cumming, Holloway, Radlein 9, 19 10, 20 103 Graham- Cumming, Holloway, Laurence 10, 20 Overall Outcome 1-20 AFFIRMED