Ex Parte CohnDownload PDFPatent Trial and Appeal BoardDec 28, 201613691497 (P.T.A.B. Dec. 28, 2016) Copy Citation United States Patent and Trademark Office UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O.Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 120137.577C1 9847 EXAMINER PYZOCHA, MICHAEL J ART UNIT PAPER NUMBER 2437 MAIL DATE DELIVERY MODE 13/691,497 11/30/2012 Daniel T. Cohn 500 7590 12/28/2016 SEED INTELLECTUAL PROPERTY LAW GROUP LLP 701 FIFTH AVE SUITE 5400 SEATTLE, WA 98104 12/28/2016 PAPER Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte DANIEL T. COHN1 Appeal 2015-003366 Application 13/691,497 Technology Center 2400 Before MICHAEL J. STRAUSS, DANIEL N. FISHMAN, and JAMES W. DEJMEK, Administrative Patent Judges. DEJMEK, Administrative Patent Judge. DECISION ON APPEAL Appellant appeals under 35 U.S.C. § 134(a) from a Final Rejection of claims 26—55. Claims 1—25 have been canceled. App. Br. 30. We have jurisdiction over the remaining pending claims under 35 U.S.C. § 6(b). We affirm. 1 Appellant identifies Amazon Technologies, Inc. as the real party in interest. App. Br. 2. Appeal 2015-003366 Application 13/691,497 STATEMENT OF THE CASE Introduction Appellant’s claimed invention is directed to managing communications between multiple computing nodes separated by one or more physical networks. Spec. 110. In a disclosed embodiment, a virtual network is used as an overlay network over one or more intermediate physical networks. Spec. 111. According to the Specification, the use of a virtual network may allow for maintaining network isolation and the re positioning or addition of physical computing nodes within the virtual network. Spec. 113. Additionally, in disclosed embodiments “virtual network addresses [are assigned] to computing nodes of a virtual network address, and . . . substrate physical network addresses [are used] to manage[] computing nodes.” Spec. 151. Claim 26 is representative of the subject matter on appeal and is reproduced below with the disputed limitations emphasized in italics'. 26. A computer-implemented method comprising: receiving, by one or more configured computing systems, a communication sent by a sending node of a virtual computer network via a substrate network to a destination node of the virtual computer network, the communication having a destination substrate Internet Protocol (IP) address for the destination node and a source substrate IP address for the sending node', determining, by the one or more configured computing systems, a source virtual IP address for the sending node based at least in part on information in the received communication', determining, by the one or more configured computing systems, that the received communication is authorized for the destination node based at least in part on identifying information 2 Appeal 2015-003366 Application 13/691,497 related to the source virtual IP address that matches information related to the source substrate IP address', and initiating, by the one or more configured computing systems, providing of the received communication to the destination node based at least in part on the determining that the received communication is authorized. The Examiner’s Rejections 1. Claims 26, 30-41, 44-46, and 48—55 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Matsuoka (US 2008/0301303 Al; Dec. 4, 2008) and Motegi et al. (US 2008/0013554 Al; Jan. 17, 2008) (“Motegi”). Final Act. 3—10. 2. Claims 27—29, 42, 43, and 47 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Matsuoka, Motegi, and Pennec et al. (US 2005/0025157 Al; Feb. 3, 2005) (“Pennec”). Final Act. 10-12. Issues on Appeal 1. Did the Examiner err in finding the combination of Matsuoka and Motegi teaches or suggests a sending node sending a communication “having a destination substrate Internet Protocol (IP) address for the destination node and a source substrate IP address for the sending node” and further determining “a source virtual IP address for the sending node based at least in part on information in the received communication,” as recited in claim 26? 2. Did the Examiner err in finding the combination of Matsuoka and Motegi teaches or suggests “determining, by the one or more configured computing systems, that the received communication is authorized for the destination node based at least in part on identifying information related to 3 Appeal 2015-003366 Application 13/691,497 the source virtual IP address that matches information related to the source substrate IP address,” as recited in claim 26? 3. Did the Examiner err in finding the combination of Matsuoka and Motegi teaches or suggests storing the source virtual IP address within the source substrate IP address, as required by claim 31? 4. Did the Examiner err in finding the combination of Matsuoka and Motegi teaches or suggests “determining a location in the substrate network corresponding to the sending node, and verifying that the received communication was forwarded over the substrate network from the determined location,” as recited in claim 34? 5. Did the Examiner err in relying on the proposed combination of Matsuoka, Motegi, and Pennec in rejecting claims 27—29, 42, 43, and 47? ANALYSIS2 Claims 26, 30, 32, 33, 35—41, 44—46, and 49—55 Claim 26 recites, in part, receiving, by one or more configured computing systems, a communication sent by a sending node of a virtual computer network via a substrate network to a destination node of the virtual computer network, the communication having a destination substrate Internet Protocol (IP) address for the destination node and a source substrate IP address for the sending node. 2 Throughout this Decision, we have considered the Appeal Brief, filed June 30, 2014 (“App. Br.”); the Reply Brief, filed January 16, 2015 (“Reply Br.”); the Examiner’s Answer, mailed on November 17, 2014 (“Ans.”); and the Final Office Action (“Final Act.”) mailed on January 30, 2014, from which this Appeal is taken. 4 Appeal 2015-003366 Application 13/691,497 In other words, the communication from the sending node has two substrate IP addresses—that of the sending node and the other for the destination node. Further, claim 26 recites “determining ... a source virtual IP address for the sending node based at least in part on information in the received communication.” Therefore, based at least on the received communication, both the virtual IP address and the substrate IP address of the sending node may be determined. Appellant contends Matsuoka, as relied upon by the Examiner, fails to teach these two limitations of claim 26. App. Br. 14—17; Reply Br. 4—9. In particular, Appellant argues Matsuoka is generally directed to forming virtual private networks (VPNs), wherein nodes of the VPN are provided a connection key to identify those nodes as belonging to the VPN. App. Br. 14—15 (citing Matsuoka Tflf 5, 18—20, 31). Appellant contends Matsuoka “fails to disclose any idea of a sent communication including information about two different source IP addresses of the communication’s sending node.” App. Br. 15; see also Reply Br. 6—7. As an initial matter, we note claim 26 does not require the sent communication includes information about two different source IP addresses. Rather, claim 26 requires the sent communication include the source substrate IP address and the destination substrate IP address. The virtual IP address of the source is determined based, at least in part, on information in the received communication. Thus, Appellant’s arguments are not commensurate with the scope of claim 26 and, therefore, do not persuade us of error in the Examiner’s rejection. See In re Self, 671 F.2d 1344, 1348 (CCPA 1982) (limitations not appearing in the claims cannot be relied upon for patentability). 5 Appeal 2015-003366 Application 13/691,497 Further, Appellant asserts Matsuoka fails to teach the determination of the virtual IP address of the source node based, at least in part, on the information in the received communication. App. Br. 15. Appellant argues Matsuoka teaches: [Assigning a virtual address unrelated to the communication’s contents for an external computer that wants to connect to a VPN for the first time, and associating that newly assigned virtual address with the computer’s actual IP address for use in subsequent translation activities involving translating one such address to the other such address. App. Br. 15—16 (citing Matsuoka 137) (emphases added). Appellant contends, however, the assigned address is not determined based on information in the received communication. App. Br. 16. Further, Appellant argues: [I]t would still make no sense for Matsuoka to newly assign and associate such a virtual address with a computer’s actual IP address based on the communication, and to then subsequently determine to authorize that communication due to that newly assigned virtual address being associated with the computer’s actual IP address, as doing so would result in automatically authorizing every such communication while needlessly performing additional activities. App. Br. 16. Additionally, Appellant concedes the communication in Matsuoka includes an address for the sending node, “which may at times be translated to and replaced with another address for the sending node.” App. Br. 16. Again, we are unpersuaded of Examiner error because Appellant’s arguments are not commensurate with the language of claim 26. Rather than sending both a virtual and substrate IP addresses of the sending node as part of a communication, claim 26 merely requires the communication include a 6 Appeal 2015-003366 Application 13/691,497 destination substrate IP address for the destination node and a source substrate IP address for the sending node. A source virtual IP address for the sending node is determined based at least in part on information in the communication. Further, the Examiner finds, and we agree, Matsuoka teaches, inter alia, a communication sent by a sending node including a destination substrate IP address and a source substrate IP address. Final Act. 3 (citing Matsuoka H 37, 46-49). Matsuoka teaches the generation of a routing rule by mapping the sending node’s real IP address (i.e., the substrate address) with the assigned virtual IP address for the sending node. Matsuoka 137. Further, the Examiner finds, and we agree, Matsuoka teaches determining the source virtual IP address based at least in part on information in the communication (i.e., Matsuoka teaches associating a virtual IP address of the source node with the real IP address of the source node). Final Act. 3 (citing Matsuoka 137). Appellant additionally argues Motegi fails to teach the received communication is authorized for the destination node based at least in part on identifying information related to the source virtual IP address that matches information related to the source substrate IP address. App. Br. 17— 19; Reply Br. 10-12. Appellant asserts: [I]f the Motegi system were modified to attempt to authorize its communications based on information included in each such communication related to two different IP addresses of the communication’s sending node, it would render the Motegi system inoperable for its intended purpose of allowing devices on different LANs to inter-communicate, as none of the communications in the Motegi system are disclosed to include such information related to two different IP addresses of the 7 Appeal 2015-003366 Application 13/691,497 communication’s sending node, and thus could never be authorized. App. Br. 18 (emphasis added). Appellant’s arguments do not apprise us of Examiner error but instead provide an overview of Motegi and suggest that Motegi does not teach the authorization step of claim 26 because it does not receive a communication including information related to two different IP addresses (i.e., a virtual IP address and a substrate IP address) of the sending node. As discussed supra, this argument is not persuasive because it is not commensurate with the language of claim 26. See Self, 671 F.2d at 1348. Further, in response, the Examiner clarifies the relied upon section of Motegi is paragraphs 104 and 105 (the Final Office Action inadvertently cited paragraphs 14—105). Ans. 12. The Examiner finds Motegi teaches authorizing a communication from a sending node based at least in part on identifying information related to the source virtual IP address that matches information related to the source substrate IP address. Ans. 12—14 (citing Motegi ^Hf 104—105). We agree with the Examiner’s findings as Motegi teaches assigning a virtual address to a source address to an address mapping table. Motegi 1104. Motegi teaches “by the source address ... it is determined whether it [(the received packet)] is admitted or prohibited.” Motegi 1105. Appellant concedes Motegi teaches “communications from particular external sources nodes on the external network can be blocked,” but again asserts “Motegi does not perform authorization activities for a sent communication based on information included in the sent communication about two different IP addresses for the sending node that sent the communication.” Reply Br. 11—12. 8 Appeal 2015-003366 Application 13/691,497 Appellant’s argument is not persuasive of Examiner error as it is not responsive to the rejection as articulated by the Examiner. Non-obviousness cannot be established by attacking references individually where, as here, the ground of unpatentability is based upon the teachings of a combination of references. In re Keller, 642 F.2d 413, 426 (CCPA 1981). As discussed supra, the Examiner relies on Matsuoka to teach a communication sent by a sending node wherein the communication includes a destination substrate IP address and a source substrate IP address. In addition, Appellant argues the Examiner failed to provide articulated reasoning with rational underpinnings in support of the proposed combination of Matsuoka and Motegi. App. Br. 17—19. We disagree and find the Examiner has articulated reasoning with rational underpinnings. See KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 418 (2007). Specifically, the Examiner finds the ordinarily-skilled artisan would have been motivated to modify the routing rules of Matsuoka with the additional authorization/authentication teachings of Motegi as a means to provide a gateway for accessing equipment from remote locations (i.e., LAN to WAN control). Final Act. 4—5; Ans. 14—15. Appellant does not persuasively rebut the Examiner’s findings. For the reasons discussed supra, we are unpersuaded of Examiner error. Accordingly, we sustain the Examiner’s rejection of independent claim 26 and, for similar reasons, the rejection of independent claims 41 and 46, which recite similar limitations and for which Appellant advances similar arguments. See App. Br. 23—25. Additionally, we sustain the Examiner’s rejections of dependent claims 30, 32, 33, 35—40, 44, 45, and 49-55, which were not argued separately. See App. Br. 19 and 24—25. 9 Appeal 2015-003366 Application 13/691,497 Claim 31 Claim 30 depends from claim 26 and recites “wherein the source virtual IP address is stored in a header of the received communication, and wherein the determining of the source virtual IP address includes extracting the stored source virtual IP address from the header.” Claim 31 depends from claim 30 and recites “wherein the source virtual IP address is stored within the source substrate IP address of the received communication.” The Examiner finds Matsuoka teaches the additional limitation of claim 30 (Final Act. 5 (citing Matsuoka Tflf 36, 39, 40) and Motegi teaches the limitation of claim 31 (Final Act. 5 (citing Motegi 1105)). Appellant argues Motegi “lacks any idea of a substrate IP address in a header of a communication including a stored virtual IP address for the same node.” App. Br. 20; Reply Br. 13—14. In response, the Examiner further finds Matsuoka discloses examples of the routing rules disclosed in paragraph 37 of Matsuoka. Ans. 15 (citing Matsuoka H 38, 42). Matsuoka provides an example of packet forwarding in VPN N1 of Figure 1. Matsuoka H 37, 38. In this example, when a node having a virtual IP source address in the range 172.16.1.2—172.16.1.4 wants to send a communication to a destination having a virtual IP destination address of 172.16.1.5, the packet is encapsulated and a header including the real IP source and destination addresses is attached to the capsule thus obtained and is transmitted. Matsuoka 138. The Examiner finds “the source virtual IP address and the source physical [(i.e., substrate)] [IP] address are stored in the same packet”. Ans. 15. The Examiner further finds this is storing of the source virtual IP address consistent with Appellant’s 10 Appeal 2015-003366 Application 13/691,497 Specification. Ans. 15—16 (citing Spec. 1 58, Fig. 2C). Thus, the Examiner finds Matsuoka “discloses a virtual IP address and a source address are being stored in [a] data packet.” Ans. 16. Appellant disputes the Examiner’s finding that Matsuoka teaches storing a source virtual IP address within the source substrate IP address, as claimed. Reply Br. 14. Appellant asserts “even if such an encapsulated packet stores one source address in its header and stores a different second source address elsewhere within the encapsulated packet, that is not the functionality recited by claim 31.” Reply Br. 14. We disagree with Appellant. Matsuoka teaches or reasonably suggests storing a source virtual IP address in the header of a communication, as recited by claim 30. See Matsuoka ]Hf 37-49 (the source virtual IP address is within the header of a packet). Further, Matsuoka teaches or reasonably suggests, for example, when a communication destination is to a remote host outside the LAN, the virtual source IP address header/communication packet is encapsulated and another header, containing the source substrate IP address “is attached to the capsule thus obtained.” Matsuoka 138. Further, Matsuoka teaches the source virtual IP address “of the original packet” may be obtained by decapsulating it. Matsuoka 146. The Examiner broadly yet reasonably construes the recited storing of a source virtual IP address within the source substrate address, consistent with Appellant’s Specification, encompasses Matsuoka’s teaching of attaching a source substrate address (i.e., Matsuoka’s source real IP address) to a VPN packet with the source virtual IP address in its header. Ans. 15—16. We agree. Thus, Matsuoka also teaches the “source virtual IP 11 Appeal 2015-003366 Application 13/691,497 address is stored within the source substrate IP address,” as recited in claim 31. For the reasons discussed supra, we are unpersuaded of Examiner error. Accordingly, we sustain the Examiner’s rejection of claim 31. Claims 34 and 48 Claim 34 depends from claim 26 and recites “wherein the determining that the received communication is authorized includes determining a location in the substrate network corresponding to the sending node, and verifying that the received communication was forwarded over the substrate network from the determined location.” Claim 48, which depends from independent claim 41, recites similar language. In rejecting claim 34, the Examiner finds Matsuoka teaches acquiring the real IP address of the computer. Final Act. 6 (citing Matsuoka 137 (“When the VPN connection controller 112 receives a connection request, the VPN connection controller 112 acquires the real IP address of the computer.”)). Appellant argues: [identifying a computer’s IP address does not determine a network location of that computer, as is known from the substantial body of art related to attempting to identify locations of users and their computers. Furthermore, even if it was assumed for the sake of argument that a computer’s IP address was its location in the network, the identifying of that IP address cannot also disclose verifying that the received communication was actually forwarded from that determined location. App. Br. 22. As an initial matter, it is well settled that mere attorney arguments and conclusory statements, which are unsupported by factual evidence, are 12 Appeal 2015-003366 Application 13/691,497 entitled to little probative value. In re Geisler, 116 F.3d 1465, 1470 (Fed. Cir. 1997); see also In re Pearson, 494 F.2d 1399, 1405 (CCPA 1974) (attorney argument is not evidence). Appellant does not provide sufficient persuasive evidence to support the proffered argument. Further, the Examiner finds, and we agree, the real IP address of a computer provides the network location of that computer and the network location is different from the geographic or physical location of a computer. Ans. 16—17. However, the claim does not specifically require determining a geographic or physical location—rather any location, such as a network location, suffices to meet the claim limitation. Regarding the verification that the received communication was actually forwarded from the determined location, the Examiner finds Matsuoka teaches a process of receiving a connection request including a VPN connection key allowing the computer to participate in the VPN and acquiring the real IP address of the communication. Matsuoka teaches the VPN connection key “is one kind of authentication information certifying, to the VPN server 100, that the computer is a member of the VPN.” Matsuoka 131. Thus, the Examiner finds Matsuoka discloses the successful acquisition of the real IP address in agreement with the stored routing rules, which teaches the claimed limitation. Ans. 17. Appellant does not persuasively rebut the Examiner’s findings and explanation. Rather, Appellant stresses the importance of verification in light of potential spoofing activities, as disclosed in the Specification. We further note the detection of spoofing activities is not recited in the claim language. See Self, 671 F.2d at 1348. 13 Appeal 2015-003366 Application 13/691,497 For the reasons discussed supra, we are unpersuaded of Examiner error. Accordingly, we sustain the Examiner’s rejection of claim 34 and, for similar reasons, the rejection of claim 48, for which Appellant advances similar arguments. App. Br. 26—27. Claims 27—29, 42, 43, and 47 Appellant asserts the rejection claims 27—29, 42, 43, and 47 fail for similar reasons to the rejection of their base claims (independent claims 26 and 41) and that the additional reference, Pennec, fails to remedy the alleged deficiencies. App. Br. 27—29. For the reasons discussed supra, we do not find there were deficiencies with the Examiner’s rejection of independent claims 26 and 41 to be addressed by adding Pennec to the combination. Appellant also contends the Examiner failed to provide articulated reasoning to support the proposed combination of Matsuoka, Motegi, and Pennec. App. Br. 27—29; Reply Br. 15—16. We disagree with Appellant and find the Examiner has articulated reasoning with rational underpinnings to support the proposed combination. See Final Act. 11. Specifically, the Examiner finds: It would have been obvious to one of ordinary skill in the art at the time of the invention was made to modify a virtual network connection system as described by Matsuoka and Motegi and add a network device converting two different IP address formatting as taught by Pennec because it would improve the packet switching in the core. Final Act. 11 (citing Pennec 161). Appellant has not persuasively rebutted the Examiner’s reasoning. Accordingly, we sustain the Examiner’s rejection of claims 27—29, 42, 43, and 47. 14 Appeal 2015-003366 Application 13/691,497 DECISION We affirm the Examiner’s decision to reject claims 26—55. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). See 37 C.F.R. § 41.50(f). AFFIRMED 15 Copy with citationCopy as parenthetical citation