&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=11943239.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 11,943,239 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Fraud or distributed denial of service (DDOS) protection for session initiation protocol (SIP)-based communication</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Adam Uzelac,  Rochester, NY (US);  Ronnie Bailey,  Lakewood, CO (US); and  Craig Richter,  Marlboro, NJ (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Level 3 Communications, LLC,  Broomfield, CO (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Level 3 Communications, LLC,  Broomfield, CO (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Aug.  24, 2021, as Appl. No. 17/410,214.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Claims priority of provisional application 63/226,515, filed on Jul.  28, 2021.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2023/0029971 A1, Feb.  2, 2023</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 29/00</b></i> (2006.01); <i><b>H04L 9/40</b></i> (2022.01); <i><b>H04L 65/1104</b></i> (2022.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 63/1416</b></i> (2013.01)&#xa0;[<i><b>H04L 63/1425</b></i> (2013.01); <i><b>H04L 63/1458</b></i> (2013.01); <i><b>H04L 63/1466</b></i> (2013.01); <i><b>H04L 65/1104</b></i> (2022.05)]</td>
            <td class="table_data" align="right"><b>18 Claims</b></td>
          </tr>
        </table>
        <center><img src="US11943239-20240326-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A method, comprising:<div class="claim_text">receiving, using a computing system and from a first router among a plurality of routers in a network, first session initiation protocol (&#x201c;SIP&#x201d;) data, the first SIP data indicating a request to initiate a SIP-based media communication session between a calling party at a source address in an originating network and a called party at a destination address in the network;</div>
                <div class="claim_text">analyzing, using the computing system, the received first SIP data to determine whether the received first SIP data comprises any abnormalities indicative of potential fraudulent or malicious actions;</div>
                <div class="claim_text">based on a determination that the received first SIP data comprises at least one abnormality indicative of potential fraudulent or malicious actions, rerouting, using the computing system, the first SIP data to a security deep packet inspection (&#x201c;DPI&#x201d;) engine;</div>
                <div class="claim_text">performing, using the security DPI engine, a deep scan of the received first SIP data to identify any known fraudulent or malicious attack vectors contained within the received first SIP data and to determine whether the calling party is a known malicious entity or whether the source address is associated with a known malicious entity;</div>
                <div class="claim_text">in response to the security DPI engine identifying at least one known fraudulent or malicious attack vector contained within the received first SIP data, initiating one or more mitigation actions; and</div>
                <div class="claim_text">normalizing, using the computing system and after initiating the one or more mitigation actions, all network traffic to the destination address after at least one of a predetermined period or a predetermined number of SIP data checks showing no abnormalities indicative of potential fraudulent or malicious actions.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>