Software companies in India have been trying to get Indian patent law changed to allow patents for computer software and business methods. Such patents are available in the USA but were so far considered not patentable in India because Section 3(k) of the Indian Patent Act stated as follows:
3. What are not inventions.—The following are not inventions within the meaning of this Act,—
(k) a mathematical or business method or a computer programme per se or algorithms;.
However, it appears that this situation has now changed: patent number 353365, issued on 10th December 2020 for an invention titled “Halting a denial of service”, appears to be a patent granted for software which is a “Business Method”.
Earlier, it was considered that only when software was part of hardware could the device be patented, and that “software per se” was not patentable.
There are 9 claims under this patent, namely:
Claim Number | Claim |
1 | A method for identifying and mitigating a distributed denial of service attack (DDoS), the method comprising: collecting, through a processor that is operatively coupled to a network interface card (NIC) of a computing device, a first set of parameters from user request having data packets, wherein the user request is configured for requesting a service from a server in a network; collecting, through the processor operatively coupled to the NIC, a second set of parameters from a server response, wherein the server response having data packets from the server in response to the user request; analyzing, through a mitigation core coupled with the computing device, the first set of parameters and the second set of parameters, to determine a traffic score associated with the data packets in the user request and the server response, said traffic score being computed using a cumulative sum (Cusum) anomaly detection, wherein said mitigation core comprises layers of one or more mitigation filters that determine whether each data packet is dropped or sent to the next filter of the one or more mitigation filters; comparing, using the processor, the determined traffic score based on the first set of parameters and the second set of parameters with a pre-determined threshold score to determine that either one of the user request or the server response comprises one or more malicious data packets associated with a DDoS attack in the network; and alleviating, through the processor, the DDoS attack by applying a traffic shaping based mitigation criteria. (P.S: The underlined portions above are the changes made in the application to support that the invention is outside the provisions of Section 3(k) as explained in the comment below) |
2 | The method as claimed in claim 1, wherein the first set of parameters are selected from any or a combination of a Source IP and/or Destination IP and/or Source Port and/or Destination Port and/or TCP Flags and/or TCP flags distribution across user requests and/or a TCP window size and/or a TCP sequence number and/or a TCP Header length and/or a Source IP distribution across user requests and/or a Destination IP distribution across user requests and/or a Source port distribution across user requests and/or a Destination port distribution across user requests and/or a Number of connections per source IP and/or a Number of connections per source IP and destination IP and/or a UDP header length and/or a HTTP header length and/or a HTTP request Method and/or a HTTP URL and/or a HTTP Referer and/or a HTTP Host and/or a HTTP User-agent and/or a HTTP version and/or a HTTP Content length and/or a DNS flags and/or a DNS query type and/or a DNS Transaction ID and/or a ICMP type and/or a ICMP packet length and/or an Incoming bytes per second (bps) and/or an Incoming packets per second (pps) and/or a TCP pps and/or a TCP bps and/or a ICMP pps and/or a ICMP bps and/or a UDP pps and/or a UDP bps and/or a HTTP pps and/or a HTTP bps and/or a IPv4 pps and/or a IPv4 bps and/or a IPv6 pps and/or a IPv6 bps and/or a Non-IP pps and/or a nonIP bps and/or an Invalid UDP pps and/or an Invalid ICMP pps and/or an Invalid TCP pps and/or an Invalid UDP bps and/or an Invalid ICMP bps and/or an Invalid TCP bps and/or an Invalid IPv4 pps and/or an Invalid IPv4 bps and/or an Invalid IPv6 pps and/or an Invalid IPv6 bps and/or an Invalid HTTP Request pps and/or an Invalid HTTP Request bps and/or a HTTP requests per URL and/or a HTTP requests per Host and/or HTTP requests per source IP and/or HTTP requests per destination IP and/or HTTP requests per destination IP and source IP. |
3 | The method as claimed in claim 1, wherein the second set of parameters are selected from any or a combination of a DNS NX Domain responses and/or a TCP RST pps and/or an Outgoing pps and/or an Outgoing bps and/or a Server response time and/or a TCP flags distribution and/or a TCP window size and/or a Maximum server connections and/or a HTTP response code and/or a HTTP payload length and/or a TCP Sequence number and/or a TCP Payload length and/or a TCP ACK timestamp and/or a Number of open ports per destination and/or a TCP pps and/or a TCP bps and/or a UDP pps and/or a UDP bps and/or a ICMP pps and/or a ICMP bps and/or a DNS response pps. |
4 | The method as claimed in claim 1, wherein the mitigation criteria is selected from any or a combination of a syn proxy, geo-IP filtering, heuristics, a progressive challenge, rule matching, a temporary blacklist, aggressive aging, or RFC compliance. |
5 | The method as claimed in claim 4, wherein the data packet is passed if the data packet in the user request and the server response passes the mitigation criteria. |
6 | The method as claimed in claim 4, wherein the data packet responds with a challenge if the data packet in the user request is found to be suspicious as per the mitigation criteria including syn proxy and/or progressive challenge. |
7 | The method as claimed in claim 4, wherein the data packet in the user request or the data packet in the server response is dropped if the data packet fails any mitigation criteria and a next data packet is analyzed. |
8 | The method as claimed in claim 1, wherein the traffic score is computed based on anomaly detection technique selected from any or a combination of an Entropy, a top talker, a multi-variant Gaussian distribution, a univariant Gaussian distribution, or a heuristic analysis. |
9 | The method as claimed in claim 1, wherein the pre-defined threshold is computed dynamically based on the first set of parameters and the second set of parameters stored in a repository and the pre-determined threshold is adaptive based on first set of parameters and the second set of stored in a repository, and the first set parameters and the second set of parameters comprises a structured and/or an un-structured representation. |
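Claim 1 names cumulative sum (Cusum) scoring of request-side and response-side parameters, a threshold comparison, and layers of filters that each drop a packet or send it to the next filter. The sketch below is an added illustration of those generic techniques using the textbook one-sided CUSUM; it is not code from the patent, the applicant or Naavi.org, and every name, baseline, threshold and sample value in it is an assumption constructed for the example.

```python
# Added illustration (not the patent's implementation): CUSUM traffic score
# over request-side and response-side counters, then a layered filter chain.
# All names, baselines, thresholds and samples below are constructed.

def cusum(samples, mean, std, slack=0.5):
    """One-sided CUSUM: S_t = max(0, S_{t-1} + (x_t - mean)/std - slack)."""
    score, out = 0.0, []
    for x in samples:
        score = max(0.0, score + (x - mean) / std - slack)
        out.append(score)
    return out

def traffic_scores(req_pps, resp_rst_pps):
    """Per-interval score: request-side CUSUM plus response-side CUSUM."""
    req = cusum(req_pps, mean=100, std=5)        # assumed quiet-time baseline
    resp = cusum(resp_rst_pps, mean=2, std=1)    # assumed quiet-time baseline
    return [a + b for a, b in zip(req, resp)]

def first_alarm(scores, threshold):
    """Index of the first interval whose score exceeds the threshold, or None."""
    return next((i for i, s in enumerate(scores) if s > threshold), None)

def rfc_compliance(pkt):
    # SYN and FIN set together is not a valid TCP flag combination.
    return not {"SYN", "FIN"} <= pkt["flags"]

def temporary_blacklist(blocked):
    return lambda pkt: pkt["src"] not in blocked

def run_filters(pkt, filters):
    """Each layer either drops the packet or hands it to the next layer."""
    for name, check in filters:
        if not check(pkt):
            return f"drop:{name}"
    return "pass"

REQ_PPS = [100, 105, 98, 102, 400, 450, 500, 480]   # constructed samples
RST_PPS = [2, 3, 1, 2, 40, 60, 55, 50]              # constructed samples
FILTERS = [("rfc", rfc_compliance),
           ("blacklist", temporary_blacklist({"203.0.113.7"}))]

if __name__ == "__main__":
    scores = traffic_scores(REQ_PPS, RST_PPS)
    print("scores:", scores, "alarm at interval", first_alarm(scores, 10))
    for pkt in ({"src": "198.51.100.4", "flags": {"SYN"}},
                {"src": "198.51.100.9", "flags": {"SYN", "FIN"}},
                {"src": "203.0.113.7", "flags": {"ACK"}}):
        print(pkt["src"], run_filters(pkt, FILTERS))
```

The slack term absorbs ordinary jitter in the first four intervals, so the score only accumulates once both counters move away from their baselines together.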
It is to be noted by users of all anti-DDOS products that if they are using any of the methods described above in the patent, they may be liable for infringement of the patent unless they obtain the necessary license.
All auditors need to flag similar methods used by auditee organizations as a “Risk”, and the possibility of financial liabilities arising from them has to be factored in.
All Cyber Insurance companies need to rework their assessments of organizations if there is a potential infringement.
This patent, issued on the claims filed by the Registered Patent Agent Mr Tarun Khurana and approved by Mr Roopak Jain as the Controller of Patent (apparently in the Delhi branch of the Patent Office), appears to be a milestone in the history of Software Patents in India.
Based on the issue of this patent, there could be a flood of patent applications from the software companies in India and also applications for re-considerations of earlier applications rejected by different patent offices.
(Comments welcome)
(P.S: Naavi.org does not fully agree with the interpretation of the patent office that this patent is outside the provisions of Section 3(k), since it is a “Method” and no “Physical Device” has been indicated as the patent.
Nevertheless, it is the prerogative of the Patent office to take a view of its own unless otherwise challenged. This will however be a precedent in the case of other software patent applications and if any other party finds that their patents were unfairly rejected, then they may try to amend their claim and seek reversal of the earlier decision either through a review or by approaching the High Court.
In the past, patents have been claimed on basic aspects of network functioning such as hyperlinking, reverse auctions in the e-commerce scenario, single-click buying in the e-commerce scenario, GIF imaging etc., which have caused extreme discomfort to users.
This patent is also a basic “Firewall” feature where the data packets are filtered against some pre-set rules. The only distinguishing feature is that “There should be a Processor” that is coupled with the NIC which does the analysis of the packet and its filtering. Unfortunately the patent application is not for this “Processor” but given for the “Method”.
In our opinion, the “Processor” should have been segregated into a “device” and patent should have been provided for the device which is the hardware plus the embedded software. It is our considered view that the Patent office has erred in granting the patent in its current form under the current provisions of Section 3(k) … Naavi)
Naavi
As regards the objection raised on non patentability of the software, the following response was given by the applicant and accepted by the Patent office.
1. In the hearing notice, the learned Controller has objected that the pending claims of the present invention falls within the scope of section 3(k) of The Patents Act, 1970, wherein the objection states
“1. Subject matter of claim as filed in the instant application falls within scope of clause (k) of section (3) of the Patents Act, 1970 (as amended). Therefore invention claimed in said claims is not patentable.
Claims are a set of sequences used to implement an algorithm, without disclosing any constructional or structural aspects of the said features”
The Applicant respectfully disagrees with the present objection.
However, without acquiescing to the objection and to expedite the prosecution, the Applicant has suitably amended the claim 1 on file to include more structural aspects for better clarity and intelligibility.
In view of the amended claim 1, the Applicant humbly submits that the independent claim 1 (and dependent claims 2-9) does not fall within the scope of section 3(k) and clearly display technical advancement in view of the following discussion.
Thanks Naavi for very well researched article.