Nicira, Inc.
Patent Trials and Appeals Board, Dec 11, 2020
2019003961 (P.T.A.B. Dec. 11, 2020)

UNITED STATES PATENT AND TRADEMARK OFFICE

UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS, P.O. Box 1450, Alexandria, Virginia 22313-1450, www.uspto.gov

APPLICATION NO.: 15/197,652
FILING DATE: 06/29/2016
FIRST NAMED INVENTOR: Kaushal Bansal
ATTORNEY DOCKET NO.: N296.01
CONFIRMATION NO.: 2846

109858 7590 12/11/2020
ADELI LLP, P.O. Box 516, Pacific Palisades, CA 90272

EXAMINER: TRAN, ELLEN C
ART UNIT: 2433
PAPER NUMBER:
NOTIFICATION DATE: 12/11/2020
DELIVERY MODE: ELECTRONIC

Please find below and/or attached an Office communication concerning this application or proceeding.

The time period for reply, if any, is set in the attached communication.

Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es):
ipadmin@vmware.com
mail@adelillp.com

PTOL-90A (Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte KAUSHAL BANSAL and UDAY MASUREKAR

Appeal 2019-003961
Application 15/197,652
Technology Center 2400

Before DAVID J. CUTITTA II, MICHAEL J. ENGLE, and SCOTT RAEVSKY, Administrative Patent Judges.

RAEVSKY, Administrative Patent Judge.

DECISION ON APPEAL

Pursuant to 35 U.S.C. § 134(a), Appellant¹ appeals from the Examiner’s decision to reject claims 1–21. We have jurisdiction under 35 U.S.C. § 6(b).

We REVERSE.

¹ We use the word “Appellant” to refer to “applicant” as defined in 37 C.F.R. § 1.42(a). Appellant identifies the real parties in interest as VMware, Inc. and Nicira, Inc. Appeal Br. 2.

CLAIMED SUBJECT MATTER

The claims relate to a method of defining distributed firewall rules in a group of datacenters. Spec., Abstr. Claim 1, reproduced below, is illustrative of the claimed subject matter:

1.
A method of defining and distributing firewall rules for a plurality of data compute nodes (DCNs) executing in a set of two or more datacenters, the method comprising:

at a first datacenter, associating a unique identifier, for a DCN in a second datacenter, with a security tag, wherein the unique identifier for the DCN is a globally unique identifier across the first and second datacenters;

defining a firewall rule with a reference to the security tag; and

distributing the firewall rule with the reference to the security tag from the first datacenter to a network controller at the second datacenter;

wherein the network controller at the second datacenter uses the security tag referenced by the distributed firewall rule to identify the unique identifier for the DCN, maps the unique DCN identifier to a local network address associated with the DCN at the second datacenter, uses the local network address to define a matching attribute of a local firewall rule, and defines an action of the distributed firewall rule as an action of the local firewall rule;

wherein a firewall enforcing machine at the second datacenter uses the local firewall rule to process packets associated with the DCN in accordance with a firewall action specified by the local firewall rule.

REFERENCES

The prior art relied upon by the Examiner is:

Litvin, US 2009/0249472 A1, Oct. 1, 2009
Loh, US 2015/0277949 A1, Oct. 1, 2015

REJECTION²

Claims 1–21 stand rejected under 35 U.S.C. § 103 as being unpatentable over Litvin and Loh. Final Act. 11.

² The Examiner withdrew a rejection of claims 1–21 under 35 U.S.C. § 101. Ans. 6.

ANALYSIS

Appellant contends that the combination of Litvin and Loh fails to teach or suggest “defining a firewall rule with a reference to the security tag,” as recited in claim 1. Appeal Br. 14–15. Appellant contends:

  The Office Action identifies the virtual machine identifier as corresponding to the claimed DCN identifier and the received message as corresponding to the security tag. This reasoning is invalid on its face. A message may contain a security tag, or even function as a security alert message, but a message on its own very clearly is not a security tag.

Id. at 15.

The Examiner cites several parts of Litvin for the disputed limitation. Final Act. 12 (citing Litvin ¶¶ 15, 111–13, 115, 133, 134, Fig. 13). In the Answer, the Examiner concedes that “neither reference uses the term ‘security tag’” but finds that under the broadest reasonable interpretation, “a security tag is another term for a firewall rule/policy associating with a virtual machine, which is clearly suggested by Litvin see paragraphs 11 and 70.” Ans. 8. The Examiner further finds that the Specification supports an interpretation that the security tag is equivalent to firewall rules because it refers to “using the tag to define distributed firewall rules” and that “[s]ome embodiments define universal security tags that are used to define firewall rules.” Id. (citing Spec. ¶¶ 10, 84).

Appellant responds that the Answer conflates the claimed security tag and firewall rule as a single claim element. Reply Br. 2–3. Appellant contends that “[a] firewall rule . . . is not a tag of any sort, and very clearly is not a security tag.” Id. at 3. Appellant also disputes the Examiner’s interpretation of the Specification, asserting that “[u]sing security tags to define firewall rules does not make the security tags equivalent to a firewall policy/rule.” Id. To the contrary, Appellant contends, “[t]he claim language clearly argues against such an interpretation, specifically reciting that the firewall rule is defined by reference to the security tag.” Id.

We agree with Appellant. The Examiner’s interpretation of “security tag” as equivalent to a firewall rule is unreasonably broad. “Different claim terms are presumed to have different meanings.” SimpleAir, Inc. v. Sony Ericsson Mobile Comm’s AB, 820 F.3d 419, 431 (Fed. Cir. 2016) (quoting Bd. of Regents of the Univ. of Tex. Sys. v. BENQ Am. Corp., 533 F.3d 1362, 1371 (Fed. Cir. 2008)). Accordingly, we start from the presumption that “security tag” and “firewall rule” have different meanings.

The plain claim language of claim 1 does not rebut this presumption, as the claim does not use these terms equivalently but rather recites “defining a firewall rule with a reference to the security tag.” The terms “defining” and “with a reference to” do not equate the disputed terms, as can be seen by considering an example where a user (“John Smith”) defines an email address with a reference to his name (“John.Smith@email.com”), resulting in something plainly different from the user’s name.

We next consult the Specification. The Examiner’s reliance on the Specification to rebut this presumption is flawed because the passages the Examiner relies on do not equate the two terms. See Ans. 8. For example, “using a tag to define distributed firewall rules” can be interpreted to mean that the firewall rule is defined based on the tag, not necessarily that the tag is the rule. See id. (citing Spec. ¶¶ 10, 84).

In fact, the Specification distinguishes these terms. The Specification defines security tags: “[s]ecurity tags are user-defined objects to which one or more VM [virtual machine] objects can be associated.” Spec. ¶ 80. In contrast, the Specification explains that “firewall rules typically include several tuples and an action.” Id. ¶ 6. “The tuples refer to different objects that may or may not be recognizable by each network manager server.” Id. Even if one firewall rule’s tuples contained a security tag as an object, the security tag would not be equivalent to the firewall rule because the firewall rule also includes “an action.” See id. Thus, the Examiner’s claim interpretation is unreasonable.
We do not sustain the Examiner’s rejections of claim 1, similar claims 8 and 15, and their dependent claims. We do not reach Appellant’s further allegations of error because we find the issue discussed above to be dispositive of the rejection of all the pending claims.

CONCLUSION

In summary:

| Claims Rejected | 35 U.S.C. § | Reference(s)/Basis | Affirmed | Reversed |
|---|---|---|---|---|
| 1–21 | 103 | Litvin, Loh | | 1–21 |

REVERSED
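The translation recited in claim 1, and the tag/rule distinction the analysis turns on, sketched as an added example; it is not code from the application, the Specification, or the Appellant. All class names, identifiers and addresses are constructed, and it assumes tag membership reaches the second datacenter alongside the rule.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SecurityTag:
    """User-defined object with which VM/DCN identifiers are associated (Spec. ¶ 80)."""
    name: str
    member_uuids: frozenset

@dataclass(frozen=True)
class FirewallRule:
    """Tuples plus an action (Spec. ¶ 6). src/dst may hold a tag name."""
    src: str
    dst: str
    port: int
    action: str

class LocalController:
    """Stands in for the network controller at the second datacenter (hypothetical)."""
    def __init__(self, tags, uuid_to_ip):
        self.tags = {t.name: t for t in tags}
        self.uuid_to_ip = uuid_to_ip  # globally unique DCN id -> local address

    def _resolve(self, field):
        tag = self.tags.get(field)
        if tag is None:
            return [field]  # literal such as "any"; not a tag reference
        # tag -> DCN ids -> local addresses; DCNs not hosted here are skipped
        return sorted(self.uuid_to_ip[u] for u in tag.member_uuids
                      if u in self.uuid_to_ip)

    def localize(self, rule):
        """Expand one tag-referencing rule into address-based local rules."""
        return [FirewallRule(s, d, rule.port, rule.action)
                for s in self._resolve(rule.src)
                for d in self._resolve(rule.dst)]

def enforce(local_rules, src_ip, dst_ip, port, default="drop"):
    """First matching local rule decides; unmatched traffic gets the default."""
    for r in local_rules:
        if r.src in ("any", src_ip) and r.dst in ("any", dst_ip) and r.port == port:
            return r.action
    return default

# Constructed sample data: tag membership and the rule arrive from the first datacenter.
TAGS = [SecurityTag("web", frozenset({"uuid-w1"})),
        SecurityTag("db", frozenset({"uuid-d1", "uuid-d2"}))]  # uuid-d2 lives elsewhere
CONTROLLER = LocalController(TAGS, {"uuid-w1": "10.2.0.5", "uuid-d1": "10.2.0.20"})
DISTRIBUTED = FirewallRule("web", "db", 5432, "allow")
LOCAL_RULES = CONTROLLER.localize(DISTRIBUTED)
```

The tag carries membership only and the rule carries the action, so neither object can stand in for the other. A tag with no members at the local site expands to no local rules, never to a match-all rule.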