Ex Parte 7,774,833 et alDownload PDFPatent Trial and Appeal BoardAug 19, 201695001811 (P.T.A.B. Aug. 19, 2016) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 95/001,811 11/08/2011 7,774,833 11517.0010-00000 4942 87916 7590 08/19/2016 2nd Reexam Group - Polsinelli PC 1000 Louisiana Street Fifty-Third Floor Houston, TX 77002 EXAMINER WOOD, WILLIAM H ART UNIT PAPER NUMBER 3992 MAIL DATE DELIVERY MODE 08/19/2016 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE PATENT TRIAL AND APPEAL BOARD ____________ A10 NETWORKS, INC. Requester and Respondent v. BROCADE COMMUNICATIONS, INC. Patent Owner and Appellant ____________ Appeal 2014-007379 Reexamination Control 95/001,811 Patent 7,774,833 B1 Technology Center 3900 ____________ Before HOWARD B. BLANKENSHIP, MAHSHID D. SAADAT, and JENNIFER L. McKEOWN, Administrative Patent Judges. McKEOWN, Administrative Patent Judge. DECISION ON REHEARING In the Decision on Appeal dated March 30, 2015 (“Decision”), we affirmed-in-part the Examiner’s rejections. In particular, the Decision sustains the rejection of claims 1–3 and 11–15 as unpatentable over IronShield and the rejection of claim 16 as unpatentable over IronShield and Procurve. The Decision does not sustain (1) the rejections of claims 2–5 and 12–16 based on Procurve, (2) the rejection of claim 4 based on IronShield, and (3) the rejection of claim 5 based on IronShield and Procurve. Appeal 2014-007379 Reexamination Control 95/001,811 Patent 7,774,833 B1 2 Patent Owner requests rehearing of this Decision under 37 C.F.R. § 41.79. Request for Rehearing (“Request”) dated April 29, 2015. In this Request, Patent Owner contends the Board overlooked certain of Patent Owner’s arguments regarding claim 11. Request 2–10. Claim 11 recites: 11. A network device comprising: a plurality of ports including a management port; and a control component configured to: determine if a destination IP address included in a received data packet corresponds to a gateway IP address of the management port; if the destination IP address corresponds to the gateway IP address of the management port, determine if the data packet originated from a management virtual local area network (VLAN), wherein the management VLAN includes the management port; if the data packet did not originate from the management VLAN, determine if the data packet uses a management protocol; and if the data packet uses a management protocol, drop the packet. With respect to claim 11, Patent Owner more specifically asserts the Board misapprehended or overlooked that, unlike claim 1, the proposed modification of Figure 4 could not be a basis for the rejection of claim 11 because claim 11 explicitly requires the claimed network device (i.e., Router #2) to drop a packet originating from another management VLAN (i.e., a packet originating from the Management VLAN on Router #1). Appeal Brief at 11. Thus, there could be no communication between the two management VLANs in Figure 4 if it were modified to read on claim 11, which would defeat the entire purpose of the Figure 4 embodiment. Request 2; see also Request 3 (asserting that claim 11 includes an “explicit requirement for a network device to drop all management packets that do not Appeal 2014-007379 Reexamination Control 95/001,811 Patent 7,774,833 B1 3 originate from the management VLAN corresponding to the management port of that network device.”). We disagree. Claim 11 does not require the claimed network device to drop every packet received that does not originate from the management VLAN, rather the claimed network device is only configured to drop a packet according to the three claimed criteria including the criteria that the packet does not originate from the management VLAN. In other words, as long as a network device is configured to drop a packet according to the claimed criteria in at least one instance, that network device would satisfy the limitation. For example, in IronShield’s figure 4 example, a packet from data VLAN 10.0.0.0 with the destination IP address of one management station of router 2 would satisfy the limitation of being a packet that does not originate from the management VLAN. Moreover, the Decision does not rely on the particular control access limitations of IronShield’s exemplary step 3, but instead more broadly relies on exemplary step 3 for teaching determining if the destination IP address corresponds to the gateway IP address of the management port. Decision 34–36; Ans. 10 (finding that IronShield considers the IP destination address of the management stations in a rule for filtering); Ans. 11 (stating that access control lists are part of IronShield’s management VLAN). IronShield also describes the additional criteria, namely denying access to packets using a management protocol that do not originate from the management VLAN. Ans. 11 (citing pages 23 and 24 of Request for Inter Partes Reexamination, dated November 8, 2011). As such, IronShield teaches or suggests each of the determining limitations of claim 11. Appeal 2014-007379 Reexamination Control 95/001,811 Patent 7,774,833 B1 4 We further note that any “proposed modification” of IronShield to arrive at the invention of claim 11 would merely apply the filtering criteria to router 2 in addition to router 1. As the Decision points out, this alleged modification would have been obvious to a skilled artisan as IronShield discloses to “[a]dd the necessary packet filtering ACLs to limit access to and from each management VLAN.” Decision 36 (quoting IronShield 20); see also IronShield 18 (noting that “ACLs can be used to restrict access to and from the management VLANs” and that access security is governed by packet filtering ACLs); IronShield 19 (“Precautions should be taken to limit access into the management VLANs through use of packet filtering ACLs or firewalls”); IronShield 20 (noting that the step of creating an access control list should be repeated for “each management VLAN”). In other words, IronShield at least suggests using ACLs for each management VLAN, not just the management VLAN connected to router 1. Patent Owner additionally argues that the Board overlooked that the Examiner switched from Figure 4 to Figure 3 for teaching the limitations of claim 11. Request 2–4. To the contrary, the Requester merely points to Figure 3 as additional support for the rejection. See, e.g., Requester’s ACP Comment 30–31. As discussed above, Figure 4 demonstrates the determining criteria of claim 11 and therefore we are not persuaded of error. Patent Owner next asserts that the Board overlooked an independent argument presented for claim 11. Request 3. Particularly, Patent Owner maintains that the Board failed to consider the argument that “since one of the claimed criteria is determining if the packet originated from the management VLAN, it would not make sense to modify IronShield to Appeal 2014-007379 Reexamination Control 95/001,811 Patent 7,774,833 B1 5 include the additional criteria recited in claim 11 that must be met in order to drop a packet.” Request 3 (quoting App. Br. 11). This argument, however, fails to consider IronShield’s express teaching of each claimed criteria. For example, as discussed above, IronShield describes determining if the destination IP address corresponds to the gateway IP address of the management port. IronShield 20; Ans. 10. IronShield also describes determining if the data packet originated from the management VLAN including the management port and whether the data packet uses a management protocol. See, e.g., IronShield 21 (noting that the router “will only accept management protocols from hosts belonging to the management VLAN” and, in one example, describing that clients using a management protocol from ports outside the management VLAN will not be granted management access); IronShield 20 (“For stricter security, create specific ACLs to govern each management protocol”); Ans. 11. As the Examiner points out, IronShield teaches using these criteria to “limit access to and from each management VLAN.” Ans. 11; see also Decision 36. Moreover, contrary to Patent Owner’s assertions, a skilled artisan would understand that IronShield’s router 2 does not drop all received traffic that do not originate from the management VLAN. Notably, IronShield teaches restricting of “control access” or management traffic. IronShield 18 (discussing control access between management VLAN and other networks supporting regular data traffic); IronShield 5–6. In other words, a skilled artisan would recognize that IronShield’s router 2 would permit transmission of regular data traffic, but would restrict management traffic based on IronShield’s identified criteria, such as whether the packets’ destination IP Appeal 2014-007379 Reexamination Control 95/001,811 Patent 7,774,833 B1 6 address is a management station address, whether the packets originated from a management VLAN, and whether the packets use the associated management protocol. See, e.g., IronShield 20–21. As such, we are unpersuaded by Patent Owner’s argument that it would not make sense to include in IronShield determining whether the destination IP address is the gateway address of the management port in addition to determining if the packet originated from the management VLAN and if the packet uses a management protocol. Patent Owner’s Request is granted to the extent that we have reconsidered the Decision in light of the Request, but denied to the extent that we do not modify the outcome of the Decision. Pursuant to 37 C.F.R. § 41.79(d), this decision is final for the purpose of judicial review. A party seeking judicial review must timely serve notice on the Director of the United States Patent and Trademark Office. See 37 C.F.R. §§ 90.1 and 1.983. DENIED Appeal 2014-007379 Reexamination Control 95/001,811 Patent 7,774,833 B1 7 PATENT OWNER: 2ND REEXAM GROUP - POLSINELLI PC 1000 Louisiana Street Fifty-Third Floor Houston, TX 77002 THIRD-PARTY REQUESTER: Timothy J. May FINNEGAN HENDERSON, FARABOW, GARRETT & DUNNER, LLP 901 New York Avenue, N.W. Washington, DC 20001-4413 Copy with citationCopy as parenthetical citation