2021000922 (P.T.A.B. Mar. 11, 2022)

Nicira, Inc.

Patent Trials and Appeals BoardMar 11, 2022

2021000922 (P.T.A.B. Mar. 11, 2022)

UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 15/590,555 05/09/2017 Kaushal Bansal N358 2079 152691 7590 03/11/2022 Setter Roche LLP 1860 Blake Street Suite 100 Denver, CO 80202 EXAMINER GHAFFARI, ABU Z ART UNIT PAPER NUMBER 2195 NOTIFICATION DATE DELIVERY MODE 03/11/2022 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): ipadmin@vmware.com uspto@setterroche.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ Ex parte KAUSHAL BANSAL and UDAY MASUREKAR ____________ Appeal 2021-000922 Application 15/590,555 Technology Center 2100 ____________ Before MAHSHID D. SAADAT, NORMAN H. BEAMER, and JAMES W. DEJMEK, Administrative Patent Judges. BEAMER, Administrative Patent Judge. DECISION ON APPEAL Appellant1 appeals under 35 U.S.C. § 134(a) from the Examiner’s final rejection of claims 1-3, 5, 6, 9-11, 13-15, 17-21, and 23. Claims 4, 7, 8, 12, 16, and 22 are cancelled. We have jurisdiction over the pending rejected claims under 35 U.S.C. § 6(b). We REVERSE. 1 We use the word “Appellant” to refer to “applicant” as defined in 37 C.F.R. § 1.42 (2019). Appellant identifies the real parties in interest as VMware, Inc. and Nicira, Inc. (Appeal Br. 2.) Appeal 2021-000922 Application 15/590,555 2 THE INVENTION Appellant’s disclosed and claimed invention is directed to management of software defined networks. (Abstr.) Independent claim 1, reproduced below, is illustrative of the subject matter on appeal: 1. A method comprising: maintaining a data plane forwarding configuration for software defined networks in a computing environment based on forwarding rules, wherein the software defined networks comprise a plurality of virtual machines for a plurality of entities that share the computing environment, wherein the forwarding rules define actions to be taken against data packets based at least on a combination of two or more tags associated with each virtual machine in the software defined networks, wherein the two or more tags for each virtual machine comprise an entity tag that identifies an entity of the plurality of entities to which the virtual machine belongs and a security group tag that identifies a type of operation provided by the virtual machine, wherein the data plane forwarding configuration associates one or more addressing attributes identified in a data packet with a corresponding action, and wherein the one or more addressing attributes are associated with at least one virtual machine of the plurality of virtual machines and comprise one or more internet protocol (IP) addresses, one or more logical ports, or one or more media access control (MAC) addresses; identifying a virtual machine for addition to the software defined networks, the virtual machine having at least an entity tag and a security group tag; identifying a subset of the forwarding rules that apply to the virtual machine based on at least a combination of the entity tag and the security group tag associated the virtual machine; and Appeal 2021-000922 Application 15/590,555 3 updating the data plane forwarding configuration based on the subset of the forwarding rules that apply to the virtual machine. (Appeal Br. 10 (Claims App’x).) REJECTION The Examiner rejected claims 1-3, 5, 6, 9-11, 13-15, 17-21, and 23 under 35 U.S.C. § 103 as being unpatentable over Chang et al. (US 2018/0109471 Al, pub. Apr. 19, 2018) (“Chang”) and Jain et al. (US 2017/0339188 Al, pub. Nov. 23, 2017) (“Jain”). (Final Act. 3-11.) ISSUE ON APPEAL Appellant’s arguments in the Appeal Brief present the following dispositive issue2: Whether the Examiner erred in finding the combination of Chang and Jain taught or suggested the independent claim 1 limitation, “wherein the two or more tags for each virtual machine comprise an entity tag that identifies an entity of the plurality of entities to which the virtual machine belongs and a security group tag that identifies a type of operation provided by the virtual machine,” and the commensurate limitations of independent claims 9 and 17. (Appeal Br. 4-7.) ANALYSIS In arguing that Chang and Jain would not have taught or suggested the above claim limitation, Appellant in particular argues that the references would not have taught the use of “an entity tag that identifies an entity of the 2 Rather than reiterate the arguments of Appellant and the positions of the Examiner, we refer to the Appeal Brief (filed June 30, 2020), the Reply Brief (filed Nov. 18, 2020), the Examiner’s Answer (mailed Sept. 18, 2020), and the Final Office Action (mailed Jan. 31, 2020) for the respective details. Appeal 2021-000922 Application 15/590,555 4 plurality of entities to which the virtual machine belongs,” as required. (Appeal Br. 4-7.) The Examiner found that Jain taught the use of an entity tag, citing the disclosure in Jain of “endpoint groups,” which are classified “based on network segment identifier [such as] VLAN ID [virtual local area network ID], VNID [virtual extensible local area network identifier], VSID [virtual subnet identifier], endpoint’s network address, MAC/IP address . . . attribute EPG [such as] VM name and guest OS name, [and] tag packets of different EPS with different networks segment identifiers . . . .” (Final Act. 6 (citing Jain ¶¶ 21-23) (emphasis omitted).) Appellant argues that none of these attributes of endpoint groups can form entities that are identified by “entity tags”: EPGs [endpoint groups] may be generated based on virtual machines with common attributes, and packets from the EPGs may be tagged with different network segmentation identifiers. Jain fails to indicate that that [sic] common attributes to generate the EPGs may include a tag that identifies an entity of a plurality of entities. Rather EPGs are only classified based on “security, QOS (quality of service), performance, services, and so forth. . .” Jain only indicates that EPGs may be generated based on services provided by the device, not a combination of the security group tag and an entity tag that identifies an entity to which the virtual machine belongs. (Appeal Br. 7 (emphasis omitted).) The Examiner responds by first defining entity tags as “tags identifying each virtual machine of a group of virtual machines segregated based on one or more attributes.” (Ans. 6 (citing Spec. Figs. 3, 6, ¶¶ 13, 27).) Applying this definition, the Examiner annotates Figures 1 and 2 of Jain, reproduced below, to indicate that which the Examiner finds are entity tags. Appeal 2021-000922 Application 15/590,555 5 Appeal 2021-000922 Application 15/590,555 6 (Ans. 10.) Annotated Figures 1 and 2 indicate that the Examiner equates the “SDNs” (“software defined networking solution”) of Figure 1 with entities, and equates labels 204, 212, and 218 in Figure 2 with entity tags. In reply, Appellant argues that “[t]he Specification of the current application provides that entities ‘may be different groups within an organization, different organizations, development groups, or some other similar entity.’” (Reply Br. 2 (citing Spec. ¶ 34).) Appellant further argues: Jain provides “Endpoints can have many attributes, such as VM name, guest OS (operating system) name, security tag, etc.” Jain further provides that EPGs are only classified based on “security, QOS (quality of service), performance, services, and so forth. . .” Jain fails to teach or suggest that EPGs or endpoint groups are determined based on an entity of a plurality of entities that share a computing environment. (Id.) (internal citations omitted.) We agree with Appellant. The Examiner’s definition of “entity tags” as “based on one or more attributes” is unreasonably broad, in light of the Specification. Although the Specification does not explicitly define “entity,” it discloses the use of “entity” exclusively in the sense of “organizations, development groups, or some other similar entity”: [A]n administrator may desire that a virtual machine providing front-end functionality for a first organization only communicate with virtual machines providing application functionality for the same organization. [T]o provide the segmentation between entities (which may be used in multi-tenant service provider environments or software development environments) . . . . [A] first entity, such as a first organization using computing environment 100 may use a tag associated with first entity 102, while a second organization using computing environment 100 may use a tag associated with second entity 103. Appeal 2021-000922 Application 15/590,555 7 [W]hen multiple tenants employ a similar configuration, the tenants may share a rule set, and be provided with segregation using at least one entity tag. . . . Accordingly, if tenants comprised a testing tenant and a deployed tenant, the testing tenant would be incapable of communicating with the deployed tenant virtual machines. (Spec. ¶¶ 12, 13, 19, 34, 45.) The Examiner’s broad construction of “entity” as any classification based on “attributes” in effect would encompass a tag that identifies “a type of operation provided by the virtual machine” - but that is what is separately claimed as a “security group tag.” Moreover, the SDNs of Figure 1 of Jain, which the Examiner would call entities, refer to “Software-defined networking,” examples of which include “CISCO APPLICATION CENTRIC INFRASTRUCTURE (ACI) and VMWARE NSX.” (Jain ¶ 20.) Also, of the labels in Figure 2 that the Examiner attributes to entity tags, only label 204 relates to an endpoint group. (Jain ¶ 62.) The Examiner does not explain how an SDN can be an entity, and an endpoint group label can be an entity tag. We are not persuaded that Jain teaches or suggests the concept of “entity” or “entity tag” as claimed. Accordingly, we do not sustain the Examiner’s obviousness rejections of independent claims 1, 9 and 17 over Chang and Jain. We also do not sustain the obviousness rejections of claims 2, 3, 5, 6, 10, 11, 13-15, 18-21, and 23 over Chang and Jain, which are not argued separately. (Appeal Br. 8.) Appeal 2021-000922 Application 15/590,555 8 DECISION SUMMARY In summary: Claim(s) Rejected 35 U.S.C. § Reference(s)/Basis Affirmed Reversed 1-3, 5, 6, 9-11, 13- 15, 17-21, 23 103 Chang, Jain 1-3, 5, 6, 9- 11, 13-15, 17-21, 23 REVERSED