Ex Parte Bartal et al., Patent Trial and Appeal Board, Mar. 21, 2013, Application No. 11/502,188 (P.T.A.B. Mar. 21, 2013)

UNITED STATES PATENT AND TRADEMARK OFFICE
UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS, P.O. Box 1450, Alexandria, Virginia 22313-1450, www.uspto.gov

APPLICATION NO. 11/502,188
FILING DATE 08/10/2006
FIRST NAMED INVENTOR Yair Bartal
ATTORNEY DOCKET NO. 4-9-13
CONFIRMATION NO. 8763

7590 03/22/2013
Ryan, Mason & Lewis, LLP
Suite 205
1300 Post Road
Fairfield, CT 06824

EXAMINER GYORFI, THOMAS A
ART UNIT 2435
MAIL DATE 03/22/2013
DELIVERY MODE PAPER

Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication.

PTOL-90A (Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE
BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte YAIR BARTAL, ALAIN JULES MAYER, and AVISHAI WOOL

Appeal 2010-009656
Application 11/502,188
Technology Center 2400

Before KALYAN K. DESHPANDE, JASON V. MORGAN, and JOHN G. NEW, Administrative Patent Judges.

MORGAN, Administrative Patent Judge.

DECISION ON APPEAL

STATEMENT OF THE CASE

Introduction

This is an appeal under 35 U.S.C. § 134(a) from the Examiner’s final rejection of claims 1 – 3, 5 – 10, and 12 – 22. Claims 4 and 11 are canceled. App. Br. 2. We have jurisdiction under 35 U.S.C. § 6(b)(1). We affirm.

Invention

The invention relates to a method and apparatus for managing a firewall. The disclosed firewall manager facilitates the generation of a security policy for a particular network environment, and automatically generates the firewall-specific configuration files from the security policy simultaneously for multiple gateways.
The security policy is separated from the vendor-specific rule syntax and semantics and from the actual network topology. See Abstract.

Exemplary Claim (Emphasis Added)

1. A method for generating a configuration file for at least one firewall in a network, said network including a plurality of interconnected hosts, said method implemented by a processor and comprising the steps of:

utilizing a model definition language to produce an entity relationship model based on a definition for one or more role entities that further define allowed services and a direction in which services can be executed, wherein said entity relationship model represents a security policy for said network and wherein each of said roles may be assigned to said hosts independently of a topology of said network, such that said hosts inherit said definitions associated with an assigned role; and

translating said entity relationship model into said firewall configuration file, wherein one or more of said steps are performed by said processor.

Rejection

The Examiner rejects claims 1 – 3, 5 – 10, and 12 – 22 under 35 U.S.C. § 103(a) as being unpatentable over Wiegel (US 6,484,261 B1; Nov. 19, 2002; filed Dec. 11, 1998) and Shwed (US 5,835,726; Nov. 10, 1998). Ans. 3 – 7.

ISSUE

Did the Examiner err in finding that the combination of Wiegel and Shwed teaches or suggests “wherein each of said roles may be assigned to said hosts independently of a topology of said network, such that said hosts inherit said definitions associated with an assigned role,” as recited in claim 1?

ANALYSIS

In rejecting claim 1, the Examiner finds that Wiegel, which is directed to graphical network security policy management, teaches or suggests utilizing a model definition language to produce an entity relationship model representing a security policy for a network. See Ans. 3 (citing Wiegel col. 14, ll. 1 – 60).
However, the Examiner finds that Wiegel “appears to require that roles are assigned to a host in a manner that is dependent on the topology of the network.” Ans. 4. Specifically, the Examiner finds that Wiegel’s graphical user interface, which uses a Networks tree 720, creates this role assignment restriction. See Advisory Action 2 (Aug. 6, 2009); see also Wiegel figs. 7B and 9. Thus, the Examiner further relies on Shwed, which is directed to a system for securing the flow of and selectively modifying packets in a computer network, to teach or suggest an alternative graphical user interface that enables assignment of roles without knowledge of the topology of the network. See Ans. 4 (citing, e.g., Shwed fig. 3/2).

Appellants argue that the Examiner erred because “Wiegel does not disclose or suggest that each of said roles may be assigned to said hosts independently of a topology of said network.” Reply Br. 4. In particular, Appellants argue that modifying Wiegel to use the user interface of Shwed would not teach or suggest the claimed invention because “a different graphical user interface does not alter the underlying security policy, entity relationship model or the characteristics and assignment of roles in Wiegel.” Reply Br. 11 (emphasis omitted).

We disagree. Wiegel teaches that an “administrator can define a security policy once and apply it to a plurality of network devices,” Wiegel col. 14, ll. 36 – 37, where policies can be applied to “individual machines, or to arbitrary groups of machines residing in defined physical or logical networks,” Wiegel col. 14, ll. 49 – 52. See also Ans. 5 (Wiegel would allow topology-independent assignment of roles if user given option to view individual hosts without other information).
That is, the underlying model in Wiegel allows defined security policies (i.e., roles) to be applied arbitrarily to machines or groups of machines (i.e., hosts) without consideration of a network topology, such that the target machines inherit the definitions associated with the assigned security policies. We thus agree with the Examiner that any restrictions of role assignments based on network topology are a product of Wiegel’s user interface, not Wiegel’s underlying system or model. See Advisory Action 2 (Aug. 6, 2009); see also Ans. 4. Furthermore, the Examiner correctly finds that it would have been obvious to an artisan of ordinary skill to modify Wiegel to use Shwed’s user interface, which enables hosts to be viewed without additional information indicating how the hosts fit into the network topology. See Ans. 12 – 13 (citing Shwed fig. 3/2). Therefore, we agree with the Examiner that the combination of Wiegel and Shwed teaches or suggests “wherein each of said roles may be assigned to said hosts independently of a topology of said network, such that said hosts inherit said definitions associated with an assigned role,” as recited in claim 1.

Appellants further argue that the Examiner erred because “Wiegel’s teaching to require that roles are assigned to a host in a manner that is dependent on the topology of the network teaches away from the claimed invention.” App. Br. 8. However, as discussed above, Wiegel’s underlying model does not require assignment of roles in a manner dependent on the topology of the network. Thus, Wiegel does not criticize, discredit, or otherwise discourage the use of a graphical user interface that allows for assignment of roles in a manner that does not depend on network topology. See In re Fulton, 391 F.3d 1195, 1201 (Fed. Cir. 2004).
Appellants also argue that “the Examiner has failed to produce any evidence that the GUI [graphical user interface] disclosed by Shwed is compatible with the system of Wiegel.” App. Br. 9; see also Reply Br. 13. However, the Examiner has presented sufficient findings showing that it was within the skill of an artisan of ordinary skill to modify Wiegel to use the graphical user interface of Shwed. See Ans. 4 and 12 – 13. Moreover, such a modification merely represents the alteration by mere substitution of one element (Wiegel’s Networks tree-based user interface) using another element known in the field (Shwed’s graphical user interface, with network topology hidden) to yield predictable results. See KSR Int’l, Co. v. Teleflex, Inc., 550 U.S. 398, 416 (2007).

Therefore, we find the Examiner did not err in relying on the combined teachings and suggestions of Wiegel and Shwed. Accordingly, we affirm the Examiner’s 35 U.S.C. § 103(a) rejection of claim 1, and claims 2, 3, 5 – 10, and 12 – 22, which Appellants do not argue separately with sufficient specificity. See App. Br. 9.

DECISION

We affirm the Examiner’s decision to reject claims 1 – 3, 5 – 10, and 12 – 22.

No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(1)(iv).

AFFIRMED

ELD
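The structure recited in claim 1, and the point the Board turns on (roles assigned to hosts independently of topology, hosts inheriting the role's definitions, then translation into per-gateway configuration), as an added illustration. This is not code from the Bartal application, from Wiegel, or from the Board's decision; the Service, Role, Host and Gateway types, the translate function and the iptables-like rule text are all constructed here for the example and are not meant to be loaded verbatim on a real firewall.

```python
"""Role-based security policy translated into per-gateway firewall rules.

Added illustration of the structure recited in claim 1 of the Bartal
application; not the applicants' code. The rule syntax is an iptables-like
text constructed for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Service:
    """A service the policy may allow: protocol plus destination port."""
    name: str
    proto: str
    port: int


@dataclass(frozen=True)
class Role:
    """Role entity: services a member may receive (inbound) or initiate
    (outbound). No addresses or network structure appear here."""
    name: str
    inbound: frozenset = frozenset()
    outbound: frozenset = frozenset()


@dataclass(frozen=True)
class Host:
    """A host carries role names; its address matters only at translation."""
    name: str
    address: str
    roles: tuple = ()


@dataclass(frozen=True)
class Gateway:
    """Topology: the network a gateway protects, kept apart from the policy."""
    name: str
    protects: str  # CIDR of the protected network


def effective_policy(host, roles_by_name):
    """A host inherits the union of the definitions of its assigned roles."""
    inbound, outbound = set(), set()
    for role_name in host.roles:
        inbound |= roles_by_name[role_name].inbound
        outbound |= roles_by_name[role_name].outbound
    return inbound, outbound


def assign_role(host, role_name):
    """Assign a role; nothing about gateways or networks is consulted."""
    return Host(host.name, host.address, host.roles + (role_name,))


def _order(svc):
    """Stable rule ordering so generated configs are reproducible."""
    return (svc.proto, svc.port)


def translate(hosts, roles, gateways):
    """Emit one rule list per gateway. The gateway's network decides which
    hosts' rules it carries; the roles decide what those rules allow."""
    roles_by_name = {r.name: r for r in roles}
    config = {gw.name: ["-P FORWARD DROP"] for gw in gateways}
    for gw in gateways:
        net = ip_network(gw.protects)
        for host in hosts:
            if ip_address(host.address) not in net:
                continue
            inbound, outbound = effective_policy(host, roles_by_name)
            for svc in sorted(inbound, key=_order):
                config[gw.name].append(
                    f"-A FORWARD -p {svc.proto} -d {host.address} --dport {svc.port} -j ACCEPT")
            for svc in sorted(outbound, key=_order):
                config[gw.name].append(
                    f"-A FORWARD -p {svc.proto} -s {host.address} --dport {svc.port} -j ACCEPT")
    return config


# Constructed sample model: two networks behind two gateways, one role shared
# by hosts on both networks.
HTTP = Service("http", "tcp", 80)
HTTPS = Service("https", "tcp", 443)
DNS = Service("dns", "udp", 53)
ROLES = (
    Role("web_server", inbound=frozenset({HTTP, HTTPS}), outbound=frozenset({DNS})),
    Role("workstation", outbound=frozenset({HTTP, HTTPS, DNS})),
)
HOSTS = (
    Host("www1", "10.1.0.10", ("web_server",)),
    Host("www2", "10.2.0.10", ("web_server",)),  # same role, other network
    Host("pc1", "10.2.0.50", ("workstation",)),
)
GATEWAYS = (Gateway("gw-dmz", "10.1.0.0/24"), Gateway("gw-office", "10.2.0.0/24"))

if __name__ == "__main__":
    for name, lines in translate(HOSTS, ROLES, GATEWAYS).items():
        print(f"# {name}")
        print("\n".join(lines))
```

The separation the Board describes is visible in the types: Role and Host hold no network structure, Gateway holds only network structure, and assign_role never reads a Gateway. Hosts www1 and www2 sit behind different gateways yet receive identical allowed services because they share the web_server role, and adding a second role to a host changes only that host's inherited definitions, not the gateway layout.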