13416142 (P.T.A.B. Aug. 22, 2016)

Ex Parte Hyndman et al

Patent Trial and Appeal BoardAug 22, 2016

13416142 (P.T.A.B. Aug. 22, 2016)

UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. FILING DATE 13/416,142 03/09/2012 131442 7590 08/23/2016 RPX Clearinghouse, LLC One Market Plaza, Steuart Tower Suite 800 San Francisco, CA 94105 FIRST NAMED INVENTOR Arn Hyndman UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. 16692ROUS02C 5524 EXAMINER TRAN, ELLEN C ART UNIT PAPER NUMBER 2433 MAILDATE DELIVERY MODE 08/23/2016 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte ARN HYNDMAN and NOCHOLAS SAURIOL Appeal2014-009862 Application 13/416,142 Technology Center 2400 Before BRUCE R. WINSOR, HUNG H. BUI, and AMBER L. HAGY, Administrative Patent Judges. WINSOR, Administrative Patent Judge. DECISION ON APPEAL .6. .... ,1 .... ,....,-TTr'l.r-"\l\-1,....Al/'\.r'" , .. C- "1 â€¢ ,â€¢ Appeuants' appeal unaer j) u.~.L. s U4~aJ rrom me rma1 reJecuon of claims 25--44, which constitute all the claims pending in this application. We have jurisdiction under 35 U.S.C. Â§ 6(b). Claims 1-24 are cancelled. App. Br. 1. We REVERSE and institute a NEW GROUND OF REJECTION within the provisions of 37 C.F.R. Â§ 41.50(b) (2013). 1 The real party in interest identified by Appellants is Rockstar Consortium US LP. App. Br. 1. Appeal2014-009862 Application 13/416,142 RELATED PROCEEDINGS2 The application which forms the basis on the present appeal is a continuation of application No. 10/995,162, which was the subject of Appeal No. 2009-014530, decided September 20, 2011. STATEMENT OF THE CASE Appellants' disclosed invention "relates to firewalls and, more particularly, to ... control of traffic propagation through a network firewall." Spec. i-f 1. Claims 25 and 35, which are illustrative, read as follows: 25. A method of operating a distributed firewall system, the distributed firewall system comprising a firewall, at least one firewall agent associated with a host providing at least one application, and a firewall component associated with a VPN[3] server, the method comprising: communicating, from at least one firewall agent associated with the host to the firewall, information pertaining to at least one of a user and an application requesting access to a VPN service provided by the VPN server; making a policy decision at the firewall based on the communicated information pertaining to the at least one of a user and an application; communicating, from the firewall to the firewall component associated with the VPN server, information pertaining to implementation of the policy decision; and 2 Appellants assert there are no related appeals or interferences. App. Br. 1. Appellants and their legal representatives are reminded of the obligation to identify related appeals, interference, and trials in the appeal brief. See 3 7 C.F.R. Â§ 41.37(c)(ii) (2013). 3 Virtual Private Network. Spec. i-f 58. 2 Appeal2014-009862 Application 13/416,142 implementing at least a portion of the policy decision at the VPN server based on the communicated information pertaining to implementation of the policy decision. 3 5. A method of operating a firewall agent in a distributed firewall system, the distributed firewall system comprising a firewall, the firewall agent and a firewall component associated with a VPN server, the firewall agent being associated with a host providing at least one application, the method comprising: monitoring at least one user and at least one application at the host; and communicating to the firewall information pertaining to at least one of a user and an application requesting access to a VPN service provided by the VPN server. Evidence Considered The Examiner relies on the following prior art in rejecting the claims: Eisenberg et al. US 2003/0188001 Al Oct. 2, 2003 ("Eisenberg" or "'00 l ") Hesselink et al. US 2003/0191848 Al Oct. 9, 2003 ("Hesselink" or "' 848 ") Hui et al. US 2004/0010712 Al Jan. 15,2004 ("Hui" or "'712") Iyer et al. US 6,944,183 Bl Sept. 13, 2005 ("Iyer" or "' 183 ") Morford US 7,324,447 Bl Jan.29,2008 ("Morford or "' 44 7") Examiner's Rejections Claim 35 is stands rejected under 25 U.S.C. Â§ 102(e) as being anticipated by Hesselink. See Final Act. 14. 3 Appeal2014-009862 Application 13/416,142 Claims 25, 26, 32-34, 36, 38--40, and 43--44 stand rejected under 35 U.S.C. Â§ 103(a) as being unpatentable over Hesselink and Hui. See Final Act. 15-20. Claims 27, 29, 37, and 41 stand rejected under 35 U.S.C. Â§ 103(a) as being unpatentable over Hesselink, Hui, and Morford. See Final Act 20-21. Claim 30 stands rejected under 35 U.S.C. Â§ 103(a) as being unpatentable Hesselink, Hui, and Iyer. See Final Act. 21-22. Claims 31 and 42 stand rejected under 35 U.S.C. Â§ 103(a) as unpatentable over Hesselink, Hui, and Eisenberg. See Final Act 22. Rather than repeat the arguments here, we refer to the Briefs ("App. Br." filed May 28, 2014; "Reply Br." filed Sept. 16, 2014) and the Specification ("Spec." filed Mar. 9, 2012) for the positions of Appellants and the (replacement) Final Office Action ("Final Act." mailed Oct. 29, 2013)4 and Answer ("Ans." mailed July 17, 2014) for the reasoning, findings, and conclusions of the Examiner. ISSUES Appellants' contentions present the following dispositive issues: 5 Whether the Examiner errs in finding Hesselink discloses "communicating to the firewall information pertaining to at least one of a 4 All references herein to the Final Office Action are to the replacement Final Office Action, mailed October 29, 2013, which superseded the original Final Office Action mailed August 6, 2013. 5 Appellants' contentions present additional issues. Because the identified issues are dispositive of the claims and rejections on appeal, we do not reach the additional issues. 4 Appeal2014-009862 Application 13/416,142 user and an application requesting access to a VPN service provided by the VPN server" (emphasis added), as recited in claim 35. Whether the Examiner errs in finding the combination of Hesselink and Hui teaches or suggests "communicating, from the firewall to the firewall component associated with the VPN server, information pertaining to implementation of the policy decision," as recited in claim 25. ANALYSIS Claim 35 In rejecting claim 35, the Examiner reasons that Hesselink's private network is encompassed by the broadest reasonable interpretation of VPN. See Ans. 9-10 ("[A] firewall on a private network, (i.e. associated with a VPN server) can control or provide instructions to firewall components on different networks. Note VPNs are known to provide a services [sic] to users .... [A] private network is a VPN.") (citing Hesselink i-fi-15, 15). Appellants contend the Examiner errs by construing VPN (i.e., Virtual Private Network) unreasonably broadly, essentially reading "virtual" out of the claim. We agree. The ordinary meaning of "virtual private network" to those of ordinary skill in the art is as follows: virtual private network n. 1. Nodes on a public network such as the Internet that communicate among themselves using encryption technology so that their messages are as safe from being intercepted and understood by unauthorized users as if the nodes were connected by private lines. 2. A WAN (wide area network) formed of permanent virtual circuits (PVCs) on another network, especially a network using technologies such as A TM or frame relay. Acronym: VPN. 5 Appeal2014-009862 Application 13/416,142 MICROSOFT COMPUTER DICTIONARY 554 (Microsoft Press, 5th ed. 2002) (underlining added). In other words, a virtual private network is a particular kind of private network, i.e., one where the nodes are not connected by private lines, but rather communicate over non-private lines using encryption that emulates private lines. We find nothing in Appellants' Specification or Hesselink that is inconsistent with the ordinary meaning of "VPN." The embodiment of Hesselink relied upon to anticipate claim 3 5 (see Final Act. 14 (citing Hesselink i-fi-15-7, 15-16)) discloses private networks, but does not disclose virtual private networks. Hesselink does discuss VPN s as a background embodiment to the embodiments of Hesselink's described invention (see Hesselink i13), but distinguishes VPNs from the embodiments of Hesselink's invention (see id. i19). See NetMoneyIN, Inc. v. VeriSign, Inc., 545 F.3d 1359, 1371 (Fed. Cir. 2008). "[I]t is not enough [for an anticipation rejection] that the prior art reference ... includes multiple, distinct teachings that the artisan might somehow combine to achieve the claimed invention."). Because the embodiment of Hesselink relied on by the Examiner does not disclose a VPN service or VPN server, as those terms are understood in the art, Hesselink does not disclose "communicating to the firewall information pertaining to at least one of a user and an application requesting access to a VPN service provided by the VPN server" (emphasis added), as recited in claim 3 5. For the foregoing reasons we do not sustain the rejection of claim 35 or of claims 36-38 which depend, directly or indirectly, from claim 35. 6 Appeal2014-009862 Application 13/416,142 Claim 25 The Examiner maps the recited VPN server and recited firewall to Hui's integrated VPN/firewall system and reasons "[s]ince the integrated VPN/firewall system comprises a policy engine that enforces policies, the policy decision is implemented at the VPN server." Ans. 13 (citing Hui abstract, i-fi-f 12, 17-18, 62, 81.) Appellants contend as follows: Hui['s integrated VPN server/firewall] does not ... teach or suggest communicating, from the firewall to the firewall component associated with the VPN server, information pertaining to implementation of the policy decision; and implementing at least a portion of the policy decision at the VPN server based on the communicated information pertaining to implementation of the policy decision. App. Br. 12. Appellants further contend as follows: [T]he fact that these two systems [i.e., VPN server and firewall] are physically implemented on a single device does not teach or suggest, to a person of ordinary skill in the art, that the firewall should communicate information pertaining to implementation of the policy decision to a firewall component associated with the VPN server or that the VPN server should implement at least a portion of the policy decision. Reply Br. 6. We agree with the Examiner, for the reasons explained by the Examiner, that Hui teaches or suggests implementing policy decisions at the VPN server. See Ans. 13. Because Hui teaches an integrated VPN server/firewall, steps performed by Hui's firewall can be characterized as being performed by Hui's VPN server as well. However, we agree with Appellants that the Examiner has not established that the cited passages of Hui teach or suggest "communicating, from the firewall to the firewall component associated with the VPN server, information pertaining to 7 Appeal2014-009862 Application 13/416,142 implementation of the policy decision," as recited in claim 35. The Examiner does not identify in Hui the "firewall component associated with the VPN server" with which Hui's "firewall" communicates. Indeed, because Hui's firewall itself is included in Hui's integrated VPN server/firewall, we can identify no "firewall component associated with the VPN server" except for the firewall itself, so that there is no separate identifiable "firewall component associated with the VPN server" for the firewall to communicate with. For the foregoing reasons we do not sustain the rejection of (1) independent claim 25; (2) independent claims 39 and 40, which similarly recite communication of information regarding a policy decision from the firewall to the VPN server; and (3) claims 26-34 and 41--44, which depend, directly or indirectly, from claims 25 and 40, respectively. NEW GROUND OF REJECTION WITHIN 37 C.F.R. Â§ 41.50(b) Claim 35 is rejected on a new ground of rejection under 35 U.S.C. Â§ 103(a) as being unpatentable over Hesselink. As an initial matter, we note that we give patentable weight to the recitations of the preamble to the extent they give life, meaning, and vitality to the steps positively recited in the claim. See Pitney Bowes, Inc. v. Hewlett-Packard Co., 182 F.3d 1298, 1305 (Fed. Cir. 1999); see also MPEP Â§ 2111.02(II). But where the recitations of the preamble do not affect, or are not affected by, any manipulative act positively recited in the claim, we treat those recitations as mere statements of intended use. We construe "a firewall agent in a distributed firewall system ... associated with a host providing at least one application" to 8 Appeal2014-009862 Application 13/416,142 encompass any functional elements that perform monitoring and communicating steps as recited in claim 3 5. We adopt as our own the Examiner's findings (Final Act. 14) and explanations (Ans. 9-13) regarding claim 35, except that we do not adopt the Examiner's finding that Hesselink anticipates claim 35. Hesselink further teaches that dedicated private networks and dedicated virtual private networks (VPN) function similarly, each having a dedicated server within the network to provide for communication with the Internet. Hesselink i-f 3. In the case of a VPN, this dedicated server falls within the broadest reasonable interpretation of a VPN server. Thus, Hesselink teaches the interchangeability of dedicated private networks and dedicated VPNs. Accordingly, it would have been obvious to one of ordinary skill in the art to replace the server of the private network relied upon by the Examiner with a VPN server. One of ordinary skill in the art would have understood that accessing a network via a VPN server constitutes a request to access a VPN service. Such a modification would be no more than no more than "the simple substitution of one known element for another." KSR Int 'l Co. v. Teleflex Inc., 550 U.S. 398, 417 (2007). Dependent Claims We have entered new grounds of rejection for independent claim 3 5. We leave to the Examiner to consider the patentability of dependent claims 36-38 in light of our findings and conclusions supra regarding claim 35, from which they depend. The fact that we did not enter new grounds of rejection for the dependent claims should not be construed to mean that we consider the dependent claims to be patentable over the prior art of record. 9 Appeal2014-009862 Application 13/416,142 DECISION The decision of the Examiner to reject claims 25--44 is reversed. We enter a new ground of rejection for claim 35 under 35 U.S.C. Â§ 103(a). Section 41.50(b) provides that "[a] new ground of rejection ... shall not be considered final for judicial review." Section 41.50(b) also provides that Appellants, WITHIN TWO MONTHS FROM THE DATE OF THE DECISION, must exercise one of the following two options with respect to the new ground of rejection to avoid termination of the appeal as to the rejected claims: ( 1) Reopen prosecution. Submit an appropriate amendment of the claims so rejected or new Evidence relating to the claims so rejected, or both, and have the matter reconsidered by the examiner, in which event the proceeding will be remanded to the examiner. . . . (2) Request rehearing. Request that the proceeding be reheard underÂ§ 41.52 by the Board upon the same Record. 37 C.F.R. Â§ 41.50(b). No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. Â§ 1.136(a)(l). See 37 C.F.R. Â§Â§ 41.50(f), 41.52(b). REVERSED 37 C.F.R. Â§ 41.50(b) 10