Ex Parte Singla et alDownload PDFBoard of Patent Appeals and InterferencesJan 22, 200910273497 (B.P.A.I. Jan. 22, 2009) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE __________ BEFORE THE BOARD OF PATENT APPEALS AND INTERFERENCES __________ Ex parte AMAN SINGLA, ANDREW M. DAVIDSON, MICHAEL FINE, and KEVIN HAYES __________ Appeal 2008-2284 Application 10/273,497 Technology Center 2400 __________ Decided: January 22, 2009 __________ Before LANCE LEONARD BARRY, HOWARD B. BLANKENSHIP, and STEPHEN C. SIU, Administrative Patent Judges. SIU, Administrative Patent Judge. DECISION ON APPEAL STATEMENT OF THE CASE This is a decision on appeal under 35 U.S.C. § 134(a) from the Examiner’s rejection of claims 1-18. We have jurisdiction under 35 U.S.C. § 6(b). We affirm-in-part. Appeal 2008-2284 Application 10/273,497 2 The Invention The disclosed invention relates generally to assigning network computers to sub-networks based on the security level of the connection (Spec. 1). Specifically, a Virtual Local Area Network (VLAN) allows multiple security levels such that a station may communicate in the VLAN based on a corresponding security association (Spec. 6). Independent claim 1 is illustrative: 1. A method of configuring an access device to include multiple virtual LANS (VLANs) based on security levels, the method comprising: enabling encryption in the access device; selectively assigning one of a predetermined security level, multiple security levels, and no security level to each VLAN; and setting a security association for each station associated with the access device, wherein the security association of a station determines its assigned VLAN. The References The Examiner relies upon the following references as evidence in support of the obviousness rejections: Van Seters US 5,978,378 Nov. 02, 1999 Minear US 5,983,350 Nov. 9, 1999 Vasa US 6,308,218 B1 Oct. 23, 2001 Sato US 2002/0146002 A1 Oct. 10, 2002 (filed Jul. 24, 2001) Unitt US 2002/0146026 A1 Oct. 10, 2002 (filed Mar. 27, 2002) Volpano US 2003/0120763 A1 Jun. 26, 2003 (filed Jan. 25, 2002) Appeal 2008-2284 Application 10/273,497 3 Rydnell US 2005/0157688 A1 Jul. 21, 2005 (filed Mar. 10, 2003) The Rejections 1. The Examiner rejects claims 1, 3, 5-8, 10, 11, 13, and 15-17 under 35 U.S.C. § 103(a) as being unpatentable over Volpano and Van Seters. 2. The Examiner rejects claim 2 under 35 U.S.C. § 103(a) as being unpatentable over Volpano, Van Seters, and Vasa. 3. The Examiner rejects claim 4 under 35 U.S.C. § 103(a) as being unpatentable over Volpano, Van Seters, and Minear. 4. The Examiner rejects claims 9 and 12 under 35 U.S.C. § 103(a) as being unpatentable over Volpano, Van Seters, and Sato. 5. The Examiner rejects claim 14 under 35 U.S.C. § 103(a) as being unpatentable over Volpano, Van Seters, and Rydnell. 6. The Examiner rejects claim 18 under 35 U.S.C. § 103(a) as being unpatentable over Volpano, Van Seters, and Unitt. ISSUE #1 Appellants assert that “neither Volpano nor Van Seters teach selectively assigning a predetermined security level, multiple security levels, or no security level to each VLAN” (Supp. App. Br. 11) and that “Volpano and Van Seters, when combined, still fail to teach that the VLAN Appeal 2008-2284 Application 10/273,497 4 may be assigned multiple security levels as recited in Claims 1, 13, and 17” (Reply Br. 2). The Examiner finds that “both Volpano and Van Seters teach . . . ‘selectively assigning one of a predetermined security level, multiple security levels, and no security level to each VLAN’ . . . since both references teach that VLAN security for each VLAN is either on (i.e., a predetermined security level) or off (i.e., no security level)” (Ans. 9-10) and that “the claimed limitation only requires ‘assigning one of’ the security levels” (Ans. 10). Did Appellants demonstrate that the Examiner erred in finding that Volpano and/or Van Seters discloses or suggests selectively assigning one of a predetermined security level, multiple security levels, and no security level to each VLAN? FINDINGS OF FACT The following Findings of Facts (FF) are shown by a preponderance of the evidence. 1. Volpano discloses “a VLAN bridge forwards unicast and group frames only to those ports that serve the VLAN to which the frames belong” (¶ [0028]). 2. Volpano discloses a “[p]ersonal VLAN Bridge 1 (10)” (¶ [0032], Fig. 1) having “physical ports 11, 13, 15, 17” (id.) and “three logical ports 19, 21, 23” (id.) Appeal 2008-2284 Application 10/273,497 5 3. Volpano discloses that “[e]ach logical port has its own security association 25, 27, 29 which is shared by some number of end stations 20, 22, 24 to constitute a separate VLAN” (¶ [0032], Fig. 1). 4. Volpano discloses, for example, “[s]tation A 20 shares SA125 with bridge 110 . . . [n]o other stations share SA1 and so STA A is in a unique VLAN, i.e. VLAN3” (¶ [0033]) and that “[s]tations B and C 22, 24 . . . belong to VLAN4 because they share SA227” (¶ [0034]). 5. Volpano also discloses that a “Personal VLAN bridge can maintain more than one logical port per physical port” (¶ [0039]), that “a logical port serves at most one VLAN” (¶ [0040]), and that “[a]n authentication code uniquely identifies the VLAN to which the traffic belongs, while another level of encryption keeps the traffic private except to members of the VLAN” (¶ [0040]). 6. Volpano discloses that “[t]raffic within one VLAN is separated from another VLAN on the same physical port by cryptography” (¶ [0040]). 7. Volpano discloses that an “authentication code uniquely identifies the VLAN to which the traffic belongs, while another level of encryption keeps the traffic private except to members of the VLAN” (¶ [0040]). 8. Volpano discloses that if a requester “cannot be authenticated, or is not authorized to request VLAN service from the bridge (104), then the request is discarded (106)” (¶[0052]). Appeal 2008-2284 Application 10/273,497 6 9. Volpano discloses a “VLAN . . . created by one of STA A or STA B. Then the other station joined it after being authenticated by the creator” (¶ [0034]). 10. Volpano discloses that the “VLAN bridge model parallels the VLAN model in terms of its rules for tagging frames” (¶[0043]). 11. Van Seters discloses a device “to examine a received frame to determine which VLAN, if any, the frame is associated with” (Abstract). 12. Van Seters discloses that logic circuits “support . . . and implement security features . . . depending on the frame type” and that “[i]f VLAN security is not enabled then no VLAN information is employed” (col. 5, ll. 21-30). 13. Unitt discloses checking if VLAN tags “attached to an incoming frame one the customer port is a member of the set of tags allocated to that ONU” and that “if the tag is valid, the ONU will the forward the frame . . . [but] if the tag is invalid, the ONU may . . . discard the frame” ((¶[0082]). PRINCIPLES OF LAW 35 U.S.C. § 103(a) Section 103 forbids issuance of a patent when “the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been Appeal 2008-2284 Application 10/273,497 7 obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.” KSR Int'l Co. v. Teleflex Inc., 127 S. Ct. 1727, 1734 (2007). “What matters is the objective reach of the claim. If the claim extends to what is obvious, it is invalid under § 103.” KSR, 127 S. Ct. at 1742. In KSR, the Supreme Court emphasized “the need for caution in granting a patent based on the combination of elements found in the prior art,” and discussed circumstances in which a patent might be determined to be obvious. Id. at 1739 (citing Graham v. John Deere Co., 383 U.S. 1, 12 (1966)). ANALYSIS (ISSUE #1) Volpano discloses VLANs (FF 1) associated with logical ports (FF 2) that are associated with security associations (FF 3). Different VLANs (e.g., VLAN of Station A, VLAN 4, or VLAN 5) of Volpano permit communication of data between stations within the corresponding VLAN based on a security level of VLANs. Similarly, Van Seters discloses that logic circuits “support . . . and implement security features . . . depending on the frame type” and that “[i]f VLAN security is not enabled then no VLAN information is employed” (col. 5, ll. 29-30). We agree with the Examiner that Van Seters discloses selectively assigning a security level or no security level to a VLAN and that Volpano discloses assigning a security level to a VLAN. However, we do not find, Appeal 2008-2284 Application 10/273,497 8 and the Examiner has not demonstrated, that either Volpano or Van Seters also discloses selectively assigning multiple security levels to a VLAN. While we agree with the Examiner that “the claimed limitation only requires ‘assigning one of’ the security levels” (Ans. 10), claim 1 also recites “selectively assigning” (Claims Appendix, page 18). The Examiner has not demonstrated that either Volpano or Van Seters discloses providing a user with a selection of multiple security levels to be assigned to a VLAN. Similarly, claim 13 recites that “each security level is selectable between a single security level, multiple security levels, and no security level” and claim 17 recites “each security level being user-selectable between a single security level, multiple security levels, and no security level” (Claims Appendix, pages 19-20). For reasons set forth above, we find that the Examiner has not demonstrated that either Volpano or Van Seters discloses multiple security levels being selectable for a VLAN. Accordingly, we conclude that Appellants have met their burden of showing that the Examiner erred in rejecting independent claims 1, 13, and 17, and claims 2-12 and 14-16, which depend therefrom with respect to issue #1. ISSUE #2 Appellants assert that “although the VLAN tag [of Unitt] can provide ‘security’ for a specific customer, the tag does not disclose or suggest the recited designated security VLAN level” (Reply Br. 3). Appeal 2008-2284 Application 10/273,497 9 The Examiner finds that “Volpano and Van Seters teach methods of assigning security to VLANs, and . . . Unitt teaches that [if] a VLAN tag is invalid it will be filtered” (Ans. 12). Did Appellants demonstrate that the Examiner erred in finding that Volpano, Van Seters and/or Unitt discloses or suggests selectively designating a VLAN tag corresponding to a designated security level to be set to “invalid,” thereby causing all frames using that designated security level to be filtered? ANALYSIS (ISSUE #2) Volpano discloses segregating traffic in VLANs such that “a VLAN bridge forwards unicast and group frames only to those ports that serve the VLAN to which the frames belong” (¶[0028]), that “[t]raffic within one VLAN is separated from another VLAN on the same physical port by cryptography” (¶[0040]), that if a requester “cannot be authenticated, or is not authorized to request VLAN service from the bridge (104), then the request is discarded (106)” (¶[0052]), and that the “VLAN bridge model parallels the VLAN model in terms of its rules for tagging frames” (¶[0043]). Hence, Volpano discloses communication of data frames among stations within a VLAN having a security level and discarding requests for data communication of a requester that is not authorized to communicate on a VLAN (i.e., an invalid requester) based on standard “rules for tagging frames”. Appeal 2008-2284 Application 10/273,497 10 Unitt discloses checking if VLAN tags “attached to an incoming frame on the customer port is a member of the set of tags allocated to that ONU” and that “if the tag is valid, the ONU will the forward the frame . . . [but] if the tag is invalid, the ONU may . . . discard the frame” ((¶[0082]). Hence, Unitt discloses VLAN tags that can be selectively set to “valid” or “invalid” and that, when set to “invalid,” cause frames to be discarded or filtered. Because Volpano discloses filtering data communication based on invalid data communication (i.e., inappropriate security level for a given VLAN) based on “rules for tagging frames” and Unitt discloses tagging frames as “invalid” and filtering frames tagged as invalid, we agree with the Examiner that at least Volpano and Unitt discloses or suggests designating a VLAN tag corresponding to a security level to be set to “invalid” as recited in claim 18. Appellants argue that “nothing in Unitt teaches that the VLAN tag corresponds to a designated security level” (App. Br. 17). However, as set forth above, we agree with the Examiner that Volpano discloses different VLANs having different security levels. The VLAN tag of Unitt indicates data frames received at a VLAN to be discarded if the tag is selectively set to “invalid.” In combination with Volpano’s VLANs of different security levels, we agree with the Examiner that the combination of Volpano and Unitt discloses or suggests a VLAN tag indicating an invalid frame for a given VLAN (Unitt) based on a security level of the VLAN (Volpano). Appeal 2008-2284 Application 10/273,497 11 For at least the aforementioned reasons, we conclude that Appellants have not sustained the requisite burden on appeal in providing arguments or evidence persuasive of error in the Examiner’s rejection of claim 18 with respect to issue #2. CONCLUSION OF LAW Based on the findings of facts and analysis above, we conclude that Appellants have failed to demonstrate that the Examiner erred in finding that Volpano, Van Seters and/or Unitt discloses or suggests selectively designating a VLAN tag corresponding to a designated security level to be set to ‘invalid’, thereby causing all frames using that designated security level to be filtered. However, we find that Appellant has demonstrated that the Examiner erred in finding that Volpano and/or Van Seters discloses or suggests selectively assigning one of a predetermined security level, multiple security levels, and no security level to each VLAN. DECISION We affirm the Examiner’s decision rejecting claim 18 under 35 U.S.C. § 103. We reverse the Examiner’s decision rejecting claims 1-17 under 35 U.S.C. § 103. Appeal 2008-2284 Application 10/273,497 12 No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv). AFFIRMED-IN-PART rwk BEVER HOFFMAN & HARMS, LLP 2099 GATEWAY PLACE SUITE 320 SAN JOSE, CA 95110 Copy with citationCopy as parenthetical citation
