NICIRA, INC.Download PDFPatent Trials and Appeals BoardJul 27, 202015050478 - (D) (P.T.A.B. Jul. 27, 2020) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 15/050,478 02/23/2016 Donghai HAN N225.02 1146 109858 7590 07/27/2020 ADELI LLP 11859 Wilshire Blvd. Suite 408 Los Angeles, CA 90025 EXAMINER CHAMPAKESAN, BADRI NARAYANAN ART UNIT PAPER NUMBER 2438 NOTIFICATION DATE DELIVERY MODE 07/27/2020 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): ipadmin@vmware.com mail@adelillp.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________________ Ex parte DONGHAI HAN ____________________ Appeal 2019-002910 Application 15/050,478 Technology Center 2400 ____________________ Before ALLEN R. MacDONALD, JASON V. MORGAN, and DAVID J. CUTITTA II, Administrative Patent Judges. MacDONALD, Administrative Patent Judge. DECISION ON APPEAL STATEMENT OF THE CASE Pursuant to 35 U.S.C. § 134(a), Appellant1 appeals from a final rejection of claims 1–21. Appeal Br. 1. We have jurisdiction under 35 U.S.C. § 6(b). We REVERSE.2 1 Appellant identifies VMware, Inc., and Nicira, Inc., as the real parties in interest. Appeal Br. 2. 2 This appeal is related to appeal number 2019-003102 (application number 15/050,477). Appellant failed to identify this appeal as being related. See Appeal Br. 2. The two applications are based on the same disclosures by the Appeal 2019-002910 Application 15/050,478 2 CLAIMED SUBJECT MATTER Claim 1 is illustrative of the claimed subject matter (emphasis, formatting, and bracketed material added): 1. A method for a computing device to implement a distributed firewall in a virtualized computing environment that includes the computing device, a source host and a destination host, the method comprising: [A.] the computing device retrieving a first firewall rule that is applicable at the destination host to an ingress packet destined for a destination virtualized computing instance supported by the destination host, wherein the first firewall rule is applicable at the destination host to drop the ingress packet having a set of packet fields; [B.] based on the first firewall rule, the computing device generating a second firewall rule that is applicable at the source host to an egress packet destined for the destination virtualized computing instance, wherein the second firewall rule is generated in addition to the first firewall rule, and applicable at the source host to drop the egress packet having the set of packet fields; and same inventor. The rejected claims are similar. The arguments, although directed to different prior art, are similar. The patent practitioner filing the appeals is the same. The real parties in interest are the same. And the Notice of Appeal and Appeal Brief filings in both applications fall within the same three-month period. Appellant and Appellant’s counsel are reminded of the duty to identify all other prior . . . appeals . . . which satisfy all of the following conditions: involve an application . . . owned by the appellant or assignee, are known to appellant, the appellant’s legal representative, or assignee, and may be related to, directly affect . . . or have a bearing on the Board’s decision in the pending appeal. 37 C.F.R. § 41.37(c)(1)(ii) (2018). Appeal 2019-002910 Application 15/050,478 3 [C.] the computing device instructing the source host to apply the second firewall rule to, in response to the source host detecting the egress packet having the set of packet fields, drop the egress packet such that the egress packet is not sent from the source host to the destination host. REFERENCES3 The Examiner relies on the following references: Name Reference Date Basak US 9,621,516 B2 Apr. 11, 2017 Lee US 9,634,990 B2 Apr. 25, 2017 Arramreddy US 2017/0118173 A1 Apr. 27, 2017 REJECTIONS The Examiner rejects claims 1–4, 7–11, 14–18, and 21 under 35 U.S.C. § 103 as being unpatentable over the combination of Lee and Basak. Final Act. 3–19. We select claim 1 as the representative claim for this rejection. The contentions discussed herein as to claim 1 are determinative as to this rejection. The Examiner rejects claims 5, 6, 12, 13, 19, and 20 under 35 U.S.C. § 103 as being unpatentable over the combination of Lee, Basak, and Arramreddy. Final Act. 19–25. The contentions discussed herein as to claim 1 are also determinative as to this rejection. Therefore, except for our ultimate decision, we do not address claims 2–21 further herein. 3 All citations herein to the references are by reference to the first named inventor/author only. Appeal 2019-002910 Application 15/050,478 4 OPINION We have reviewed the Examiner’s rejections in light of Appellant’s arguments that the Examiner has erred. Appellant’s contentions we discuss are determinative as to the rejections on appeal. Therefore, Appellant’s other contentions are not discussed in detail herein. A. In rejecting claim 1, the Examiner finds: [T]he analogous art Basak teaches based on the first firewall rule, the computing device generating a second firewall rule that is applicable at the source host to an egress packet destined for the destination virtualized computing instance. Final Act. 5 (emphasis omitted). B. Appellant contends that the Examiner erred in rejecting claim 1 under 35 U.S.C. § 103 because: The Office Action misinterpreted a limitation of the independent claims and failed to address the actual limitation recited in the claims. Specifically, the Office Action cites to references that disclose converting a firewall policy into a firewall rule as disclosing generating a second firewall rule from a first firewall rule. Appeal Br. 7. [B]oth Lee and Basak are concerned with generating firewall rules based on application profiles (Lee) or policy rules (Basak) that are defined by attributes other than those used to apply the rules to network traffic. Specifically, the policy rules of Fig. 4 include a policy that traffic from a source machine executing a particular operating system to a particular application executing on a destination machine should be denied (dropped). This policy cannot be applied, without transformation, at a destination Appeal 2019-002910 Application 15/050,478 5 host to drop an ingress packet having a set of packet fields because an ingress packet does not include, in a set of packet fields, information about the operating system of its source or an application executing on the destination machine. Appeal Br. 11. C. The Examiner responds by determining: Basak clearly discloses that “The set of firewall rules (that includes first, second etc firewall rules) in Fig. 5 are generated (in other words, derived) from the first firewall rules in Fig. 4. Also, C2L53-56: The policy rules are transformed to firewall rules that include machine identifiers of machines having attributes from among the machine attributes that satisfy the attribute dependent policy rules through either a push or a pull process. Ans. 4. D. As articulated by the Federal Circuit, the Examiner’s burden of proving non-patentability is by a preponderance of the evidence. See In re Caveney, 761 F.2d 671, 674 (Fed. Cir. 1985) (“preponderance of the evidence is the standard that must be met by the PTO in making rejections”). “A rejection based on section 103 clearly must rest on a factual basis[.]” In re Warner, 379 F.2d 1011, 1017 (CCPA 1967). “The Patent Office has the initial duty of supplying the factual basis for its rejection. It may not . . . resort to speculation, unfounded assumptions or hindsight reconstruction to supply deficiencies in its factual basis.” Id. We conclude the Examiner’s analysis fails to meet this standard because the rejection does not adequately explain the Examiner’s findings of fact. Appeal 2019-002910 Application 15/050,478 6 Particularly, we agree with Appellant that the language of claim 1 requires “based on [a] first firewall rule . . . generating a second firewall rule,” and we disagree with the Examiner’s reasoning that “transforming policy rules to firewall rules” as in Basak, without more, is sufficient to show the argued claim limitation. We conclude, consistent with Appellant’s arguments that there is insufficient articulated reasoning to support the Examiner’s finding that Basak renders obvious the argued claim limitation. Therefore, we conclude that there is insufficient articulated reasoning to support the Examiner’s final conclusion that claim 1 would have been obvious to one of ordinary skill in the art at the time of Appellant’s invention. CONCLUSION Appellant has demonstrated the Examiner erred in rejecting claims 1– 21 as being unpatentable under 35 U.S.C. § 103. The Examiner’s rejections of claims 1–21 as being unpatentable under 35 U.S.C. § 103 are reversed. Appeal 2019-002910 Application 15/050,478 7 DECISION SUMMARY In summary: Claims Rejected 35 U.S.C. § Reference(s)/Basis Affirmed Reversed 1–4, 7–11, 14–18, 21 103 Lee, Basak 1–4, 7– 11, 14– 18, 21 5, 6, 12, 13, 19, 20 103 Lee, Basak, Arramreddy 5, 6, 12, 13, 19, 20 Overall Outcome 1–21 REVERSED Copy with citationCopy as parenthetical citation
