Ex Parte Minear et alDownload PDFPatent Trial and Appeal BoardAug 28, 201714299551 (P.T.A.B. Aug. 28, 2017) Copy Citation United States Patent and Trademark Office UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O.Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 14/299,551 06/09/2014 Spencer Minear P54985C (920-0308USC) 1461 13205 7590 08/30/2017 Rlank Rome. T T P - MoAfee EXAMINER 717 Texas Avenue GETACHEW, ABIY Suite 1400 Houston, TX 77002 ART UNIT PAPER NUMBER 2434 NOTIFICATION DATE DELIVERY MODE 08/30/2017 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): hou stonpatents @ blankrome .com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte SPENCER MINEAR and PAUL MEYER Appeal 2017-003197 Application 14/299,551 Technology Center 2400 Before ST. JOHN COURTENAY III, JOHN A. EVANS, and ALEX YAP, Administrative Patent Judges. EVANS, Administrative Patent Judge. DECISION ON APPEAL Appellants1 seek our review under 35 U.S.C. § 134(a) of the Examiner’s Final Rejection of Claims 19—20, 22—25, 27—30, and 32—39. App. Br. 8. Claims 1—18, 21, 26, and 31 are cancelled. We have jurisdiction under 35 U.S.C. § 6(b). We REVERSE.2 1 The Appeal Brief identifies McAfee, Inc., as the real party in interest. App. Br. 3. 2 Rather than reiterate the arguments of Appellants and the Examiner, we refer to the Appeal Brief (filed May 26, 2016, “App. Br.”), the Reply Brief (filed December 8, 2016, “Reply Br.”), the Examiner’s Answer (mailed October 24, 2016, “Ans.”), the Final Action (mailed December 18, 2015, “Final Act.”), and the Specification (filed June 9, 2014, “Spec.”) for their Appeal 2017-003197 Application 14/299,551 STATEMENT OF THE CASE The claims relate to a firewall cluster system. See Abstract. INVENTION Claims 1—8, and 21 are cancelled; Claims 19, 24, 29, and 35 are independent. Claims Appx. An understanding of the invention can be derived from a reading of exemplary Claim 19, which is reproduced below 19. One or more non-transitory computer readable media comprising computer executable instructions stored thereon that when executed cause one or more processors to: process, by a first firewall node of a firewall cluster having three or more nodes, connection information associated with a packet; establish a connection; provide state data associated with the connection to a master node in the firewall cluster; responsive to a failure of the first node, transfer the connection to a second firewall node of the cluster; and provide the state data from the master node to the second firewall node. References and Rejection Berthaud, el al., Goddard Erman, et al., US 2003/0120816 Al June 26, 2003 US 7,254,834 B2 Aug. 7, 2007 US 2012/0057591 Al Mar. 8, 2012 respective details. 2 Appeal 2017-003197 Application 14/299,551 Claims 19, 20, 22—25, 27—30, and 32—39 stand rejected under 35 U.S.C. § 103(a) as unpatentable over Erman, Goddard, and Berthaud. Final Act. 4-17. ANALYSIS We have reviewed the rejections of Claims 19-20, 22—25, 27—30, and 32—39 in light of Appellants’ arguments that the Examiner erred. We are persuaded of error. We consider Appellants’ arguments seriatim, as they are presented in the Appeal Brief, pages 9-13. Claims 19-20,22-25,27-30, and 32-39: Obviousness over Erman, Goddard, and Berthaud Appellants argue Claims 24, 29, and 35 stand or fall with Claim 19. App. Br. 9. Appellants contend Goddard fails to teach or suggest providing state data to a firewall master node. Id. Goddard’s Firewall Load Balancer The Examiner finds Erman teaches most elements of Claim 19 except Erman fails to teach upon failure of a first firewall node that state data is provided from a firewall master node to a second firewall node. Final Act. 4. The Examiner completes this portion of the teaching by finding Goddard teaches that upon failure, state data, associated with a master node, is provided to a backup firewall load balancer (FLB). Id. at 5. Appellants contend the claims recite failover of firewall nodes in a firewall cluster, but the Examiner’s finding is directed to how Goddard teaches replacing a failed firewall load balancer (FLB). Id. at 10. Appellants argue a firewall load balancer is not a firewall node, nor can a 3 Appeal 2017-003197 Application 14/299,551 FLB be considered as a node of a firewall cluster. Id. at 11. Appellants maintain Goddard distinguishes a FLB from a firewall (FW). Id. The Examiner finds Goddard discloses: Firewall sandwich configurations having improved levels of system availability as well as an application-space implementation of a firewall load balancer (FLB) which provides greater operational flexibility while reducing the need for custom hardware and/or operating system software. Also disclosed is a firewall capable of functionally replacing an FLB upon detecting a failure therein. Ans. 19 (citing Goddard, Abstr. and col. 4,11. 28—36). Appellants maintain the Examiner mischaracterizes the Goddard disclosure by failing to distinguish firewalls 306, 308, and 310 from firewall load balancers 320 and 322 of Figure 3 and 316, 320, and 502 of Figure 5. Reply Br. 3. Claim Construction During prosecution, claims must be given their broadest reasonable construction while reading claim language in light of the specification as it would be interpreted by one of ordinary skill in the art. In re Am. Acad, of Sci. Tech. Ctr., 367 F.3d 1359, 1364 (Fed. Cir. 2004). Under this standard, we construe claim terms using “the broadest reasonable meaning of the words in their ordinary usage as they would be understood by one of ordinary skill in the art, taking into account whatever enlightenment by way of definitions or otherwise that may be afforded by the written description contained in the applicant’s specification.” In re Morris, 127 F.3d 1048, 1054 (Fed. Cir. 1997). Turning to Appellants’ Specification for context regarding the broadest reasonable interpretation of the contested claim term “firewall node.” Appellants describe a cluster of five “firewall nodes” 206 (NODE 1 . 4 Appeal 2017-003197 Application 14/299,551 . . NODE 5), as depicted in Figure 2: “Here the five nodes shown each comprise a separate computer system running an instance of firewall or related software, operable to apply rules to traffic to selectively permit or block traffic flowing between the Internet 201 and the internal network 2022'' (Spec. 119) (emphasis added). See also Spec. 111 (“Figure 2 shows an example network including a firewall cluster comprising multiple firewall nodes”). Significantly, we find Appellants’ Specification distinguishes between “firewall nodes” 206 (NODE 1 . . . NODE 5) and the other nodes 204 and 205 depicted in Figure 2 which perform load balancing: “The nodes 204 and 205 are responsible for performing functions such as load balancing traffic routed to the firewall nodes 206, ensuring that the nodes are able to work together efficiently to provide higher throughput capability than a single node.” (Spec. 119) (emphasis added). Given this context {id.), in reviewing the record we find a preponderance of the evidence supports Appellants’ contention that Goddards YTirewall load balancer is not a firewall node” as claimed. (App. Br. 11). Goddard discloses a fault tolerant firewall sandwich system 300 (Figure 3) comprising firewalls 306, 308, and 310. Goddard, col. 4,11. 34— 47. Goddard discloses the firewalls are connected in parallel between switches 312 and 314. Id., at 11. 46-48. Goddard discloses connected between switch 312 and public network 302 is a primary FEB 316 and a secondary FEB 318; similarly between switch 314 and private network 304 is a primary FEB 320 and a standby FEB 322. Id. at 11. 48—52. Thus, Goddard clearly distinguishes a firewall load balancer (FEB) 318, 322 from 5 Appeal 2017-003197 Application 14/299,551 a firewall 306, 308, 310, or a node thereof. Figure 3 of Goddard is reproduced below: Figure 3 of Goddard showing Firewalls 306, 308, and 310. Independent Claim 19 recites, inter alia, “provide the state data from the master [firewall] node to the second firewall node.” Given our claim construction above, we find no teaching or suggestion that a FLB is a “firewall node” within the meaning of each independent claim on appeal. Contrary to the Examiner’s findings, Goddard teaches that “all network traffic passing through the FW boundary must pass through an FLB before reaching the FWs [(Firewalls)];” (Col. 3,11. 17—18) (emphasis added). Moreover, the Examiner has not directed our attention to any explanation of how a “firewall node” as claimed may be read on Goddard’s FLB failover protocols. With respect to the foregoing analysis, independent Claims 24, 29, and 35 recite limitations commensurate in scope with those recited in Claim 19. 6 Appeal 2017-003197 Application 14/299,551 DECISION The rejection of Claims 19-20, 22—25, 27—30, and 32—39 under 35 U.S.C. § 103 is REVERSED. REVERSED 7 Copy with citationCopy as parenthetical citation
