13030360 (P.T.A.B. Feb. 9, 2016)

Ex Parte Rolette et al

Patent Trial and Appeal BoardFeb 9, 2016

13030360 (P.T.A.B. Feb. 9, 2016)

UNITED STA TES p A TENT AND TRADEMARK OFFICE APPLICATION NO. FILING DATE FIRST NAMED INVENTOR 13/030,360 02/18/2011 James Rolette 56436 7590 02/11/2016 Hewlett Packard Enterprise 3404 E. Harmony Road Mail Stop 79 Fort Collins, CO 80528 UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www .uspto.gov ATTORNEY DOCKET NO. CONFIRMATION NO. 82678062 2584 EXAMINER SCHMIDT, KARIL ART UNIT PAPER NUMBER 2439 NOTIFICATION DATE DELIVERY MODE 02/11/2016 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address( es): hpe.ip.mail@hpe.com mkraft@hpe.com chris.mania@hpe.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte JAMES ROLETTE, EDWARD ROSS, and DAMON FLEURY Appeal2014-002615 Application 13/030,360 Technology Center 2400 Before MICHAEL J. STRAUSS, KEVIN C. TROCK, and NABEEL U. KHAN, Administrative Patent Judges. STRAUSS, Administrative Patent Judge. DECISION ON APPEAL Appeal2014-002615 Application 13/030,360 STATE~v1ENT OF THE CASE Appellants appeal under 35 U.S.C. Â§ 134(a) from the Examiner's Final Rejection of claims 1-5, 8, 9, and 11-22. Claims 6 and 7 are canceled. Claim 10 is indicated to be allowable. We have jurisdiction under 35 U.S.C. Â§ 6(b ). We affirm-in-part. THE INVENTION The claims are directed to securing a virtual environment. Spec., Title. Claim 1, reproduced below, is illustrative of the claimed subject matter: 1. A method secunng a virtual environment, said method compnsmg: in a host device, intercepting a packet addressed to or sourced by a virtual machine implemented by said host device; redirecting said packet from said host device to a security device external to said host device through an egress tunnel; and delivering said packet to an intended destination of said packet if said host device receives an indication from said security device that said packet is approved. REFERENCES The prior art relied upon by the Examiner in rejecting the claims on appeal is: Morgan McGee Kabbara US 2009/0073895 Al US 2009/0254990 Al US 2011/0209215 Al REJECTIONS Mar. 19,2009 Oct. 8, 2009 Aug. 25, 2011 The Examiner made the following rejections: 2 Appeal2014-002615 Application 13/030,360 Claims 1-5, 8-14, and 17-22 stand rejected under 35 U.S.C. Â§ 103(a) as being unpatentable over McGee and Kabbara. 1 Ans. 7-14. Claims 15 and 16 stand rejected under 35 U.S.C. Â§ 103(a) as being unpatentable over McGee, Kabbara, and Morgan. Ans. 14--15. ANALYSIS We have reviewed the Examiner's rejections in light of Appellants' arguments that the Examiner has erred. In connection with claim 21 we agree with Appellants' conclusions as to this rejection. However, in connection with claims 1-5, 8, 9, 11-16, 18-20, and 22 we disagree with Appellants' conclusions and adopt as our own ( 1) the findings and reasons set forth by the Examiner in the action from which this appeal is taken (Final Act. 7-15) and (2) the reasons set forth by the Examiner in the Examiner's Answer in response to Appellants' Appeal Brief (Ans. 2-11) and concur with the conclusions reached by the Examiner. We highlight the following for emphasis. Claim 1 In connection with claim 1 Appellants contend modifying McGee according to the teachings of Kabbara would not result in redirecting a packet from a host device through an egress tunnel to a security device that is external to the host device. App. Br. 13. In particular, Appellants argue 1 Although claims 10 and 17 are among the claims listed as being rejected, the Examiner indicates "[ c ]laim 10 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims." Final Act. 15. Because claim 17 depends from claim 10, it is presumed to also be allowable. 3 Appeal2014-002615 Application 13/030,360 "if Kabbara's teachings of a switch directing packets to an inspection service were added to McGee, the result would simply be what McGee already teaches, that the vSwitches, operated by the Hypervisor (312), can send packets to the security VM (304) for inspection." Id. According to Appellants, [O]ne of skill in the art modifying McGee in view of Kabbara would [not] ignore the Security VM (304) and, instead, route packets for inspection out of the system to a separate IPS. This would change the operating principles of McGee in which the Security VM (304) is provided to service the host device. App. Br. 13-14. The Examiner responds by finding McGee teaches all the limitations of claim 1 except "that the security device is external to the host system and the packet travels via an egress tunnel when communicated between the host and the security device .... " Ans. 3. The Examiner further finds Kabbara, by disclosing a switch that redirects a packet directly to a third party intn.1sion prevention system (IPS) to be scanned for malware teaches (i) switch functionality that could be included in the host device switches of McGee and (ii) virus scanning services provided external to the packet's destination, such as on a third party scanning device, i.e., virus scanning that is external to the host device. Ans. 3. The Examiner concludes it would require no more than routine skill in the art to relocate the security device of McGee to an external device; thus one of ordinary skill in the art would be able to either combine prior art elements according to known methods to yield predictable results or simply substitute one known element for another to obtain predictable results. Ans. 3--4. 4 Appeal2014-002615 Application 13/030,360 \Ve agree with the Examiner that "Appellant argues against the references individually, and one cannot show nonobviousness by attacking references individually where the rejections are based on a combination of references." Ans. 2 citing In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091,231 USPQ 375 (Fed. Cir. 1986). The Examiner relies on McGee only for disclosing the security device is external to the host device with communications between the two provided through an egress tunnel. Ans. 2-3. In contrast, Appellants argued combination of prior art embodiments is based on bodily incorporation of Kabbara's switch into the host device switches of McGee rather than what the combination of the two references teaches or suggests. We note that "[a] person of ordinary skill is also a person of ordinary creativity, not an automaton." KSR Int 'l Co. v. Teleflex, Inc., 550 U.S. 398, 421 (2007). In particular, all of the features of one reference need not be bodily incorporated into the other, but consideration should be given to what the combined teachings, knowledge of one of ordinary skill in the art, and the nature of the problem to be solved as a whole would have suggested to those of ordinary skill in the art (see In re Keller, 642 F.2d 413, 425 (CCPA 1981) ). The artisan is not compelled to blindly follow the teaching of one prior art reference over the other without the exercise of independent judgment (see Lear Siegler, Inc. v. Aeroquip Corp., 733 F.2d 881, 889 (Fed. Cir. 1984)). Furthermore, we are also not persuaded combining the respective familiar elements of the cited references in the manner proffered by the Examiner was "uniquely challenging or difficult for one of ordinary skill in the art." Leapfrog Enters., Inc. v. Fisher-Price, Inc., 485 F.3d 1157, 1162 5 Appeal2014-002615 Application 13/030,360 (Fed. Cir. 2007) (citing KSR, 550 U.S. at 418). \Ve further note merely making elements of a device separable, without more, is considered to be an obvious design choice and does not render an invention patentable. See In re Larson, 340 F.2d 965, 968 (CCPA 1965); In re Dulberg, 289 F.2d 522, 523 (CCPA 1961). Therefore, the Examiner's proffered combination of familiar prior art elements according to their established functions would have conveyed a reasonable expectation of success to a person of ordinary skill at the time of the invention. Appellants further contend the references fail to teach or suggest redirecting the packet though an egress tunnel. App. Br. 14. The Examiner responds by finding Appellants' Specification "defines 'tunnel' ... as 'a protocol implemented pathway for transmitting a packet to a destination other than a destination specified in the packet or from a source other than a source specified in the packet."' Ans. 4. The Examiner further finds Kabbara discloses "redirecting a packet to a third party for deep packet inspection, which meets the 'transmitting a packet to a destination other than a destination specified in the packet' of the Applicant's definition of tunnel" and, because Kabbara redirection is via a network, "one of ordinary skill in the art could reasonably infer that the disclosed redirection occurred over a protocol implemented pathway." Id. The Examiner concludes Kabbara teaches the disputed limitation of redirecting the packet though an egress tunnel. We find Appellants' argument unpersuasive of Examiner error. During examination of a patent application, pending claims are given their broadest reasonable construction consistent with the specification. In re Am. Acad. of Sci. Tech Ctr., 367 F.3d 1359, 1364 (Fed. Cir. 2004); In re Prater, 6 Appeal2014-002615 Application 13/030,360 415 F.2d 1393, 1404---05(CCPA1969). Appellants' fail to provide sufficient evidence or argument to persuade us Kabbara's packet redirection to a third party over a network fails to teach or suggest, under a broad but reasonable interpretation, the disputed limitation of redirecting the packet through an egress channel. For the reasons supra we find Appellants' contentions unpersuasive of Examiner error. Accordingly, we sustain the rejection of independent claim 1 under 35 U.S.C. Â§ 103(a) together with the rejection of dependent claims 3-5, 8, and 22 which are not argued separately with particularity. Claim 2 Appellants contend claim 2 requires "if the packet comes back to the host device from the security device using an ingress tunnel, this fact signals to the host device that the packet is approved by the security device." App. Br. 15. In contrast, Appellants argue Kabbara fails to teach "anything about how the IPS resource indicates to the requesting switch or other device that a packet is safe or 'approved."' Id. The Examiner responds by finding Kabbara's system returns information to the switch related to scanning such that one skilled in the art would understand some indication would be supplied to the switch regarding the packet. Ans. 5. The Examiner further finds McGee teaches returning the redirected packet to the host device if the packet is permissible based on the security policy and, in combination with Kabbara's external IPS resource, teaches or suggests the disputed limitation of claim 2. Ans. 5---6. We find Appellants' contention unpersuasive of Examiner error. Although Kabbara does not explicitly disclose the host device receiving the 7 Appeal2014-002615 Application 13/030,360 packet (back from) from the security device, in view of ~vfoGee's disclosure of a packet return, we agree with the Examiner in finding the combination of references teaches or suggests receipt of a returned packet by the host device. Concerning the requirement that the return receipt be through an ingress tunnel, we find such argument unpersuasive for essentially the same reasons as Appellants' arguments in connection with the egress tunnel of claim 1 as explained supra. See also Ans. 4. In particular, Appellants fail to provide sufficient evidence or line of reasoning explaining why McGee's vSwitches providing connectivity among Security-VM 304, Virtual Machines 306, and Hypervisor 312 fail to teach or suggest an ingress tunnel. Accordingly we sustain the rejection claim 2. Claim 9 In connection with claim 9, Appellants contend Kabbara is deficient as failing to disclose "how the IPS resource indicates to the requesting switch or other device that a packet is safe or 'approved.'" App. Br. 17. As this argument is essentially the same we find unpersuasive in connection with claim 2 for the reasons supra, we likewise find such argument unpersuasive in connection with claim 9. Accordingly, we sustain the rejection of independent claim 9 under 35U.S.C.Â§103(a) together with the rejection of dependent claims 11-13 and 15 which are not argued separately with particularity. Claim 14 In connection with claim 14, Appellants contend "Li Just because the packet [taught by McGee] is returned to the packet stream after analysis does not dictate that 'said determination of whether said packet is 8 Appeal2014-002615 Application 13/030,360 permissible based on said security policy comprises determining whether said security policy permits said packet within a context of said networliflow."' Reply. Br. 10, see also App. Br. 18-19. Appellants' argument is unpersuasive because it amounts to little more than a naked assertion the disputed claim element is not found in the prior art. See 37 C.F.R. Â§ 41.37(c)(l)(iv) ("A statement which merely points out what a claim recites will not be considered an argument for separate patentability of the claim."); In re Lovin, 652 F.3d 1349, 1357 (Fed. Cir. 2011) ("[W]e hold that the Board reasonably interpreted Rule 41.3 7 to require more substantive arguments in an appeal brief than a mere recitation of the claim elements and a naked assertion that the corresponding elements were not found in the prior art.") In particular, Appellants fail to provide any reasoning, such as a required interpretation of "whether said security policy permits said packet within a context of said network flow," as recited by claim 14, that distinguishes the disputed limitation over the teachings of McGee including step 528 as applied by the Examiner. Ans. 9. Instead, absent sufficient rebuttal, it is reasonable that a security policy for a network teaches or suggests criteria in context of a network flow. Therefore, in the absence of sufficient evidence or argument and under a broad but reasonable interpretation, Appellants fail to demonstrate error in the Examiner's finding that McGee discloses the disputed limitation. Ans. 9. Accordingly, we sustain the rejection of claim 14. Claim 18 Appellants argue the rejection of claim 18 is improper for the reasons argued in connection with claim 2. Reply Br. 11. Finding those arguments 9 Appeal2014-002615 Application 13/030,360 unpersuasive for the reasons supra, we likewise sustain the rejection of independent claim 18 under 35 U.S.C. Â§103(a) together with the rejection of dependent claims 19 and 20 which are not argued separately with particularity. Claim 21 Appellants contend McGee fails to teach dropping a packet form the buffer on a time-out basis as required by claim 21. App. Br. 21. The Examiner responds by finding McGee's "'Fast Path' does not consult a security device thus as reasonably interpreted a 'fast path' drops a packet without receiving an indication from said security device for any period of time .... " Ans. 11. We disagree with the Examiner. Even if McGee's "Fast Path" is not dependent on receiving an indication from the security device in connection with dropping a packet from the buffer and therefore teaches never receiving an indication, there is no teaching that no indication is received for a specified period of time. That is, McGee's "Fast Path" does not consider any indication, much less no receipt of an indication for a specified period of time. Therefore, we reverse the rejection of claim 21. Claim 16 Appellants argue the rejection of claim 16 is improper for the reasons argued in connection with claim 14. App. Br. 22. Finding such argument unpersuasive for the reasons supra, we likewise sustain the rejection of claim 16. 10 Appeal2014-002615 Application 13/030,360 Claims l 0 and l 7 Although claim 10, and claim 17 dependent therefrom, are both included in the listing of claims rejected under 35 U.S.C. Â§103(a) as being unpatentable over McGee and Kabbara (Final Act. 7), the Examiner indicates claim 10 is objected to, but would be allowable if rewritten in independent form (Final Act.15.) Accordingly, we summarily reverse the rejection of claim 10 for the reasons set forth in the Examiner's statement of reason for indication of allowable subject matter (id) together with the rejection of claim 17 based on its dependency from claim 10. DECISION The Examiner's decision to reject claims 10, 17, and 21 is reversed. The Examiner's decision to reject claims 1-5, 8, 9, 11-16, 18-20, and 22 is affirmed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. Â§ 1.136(a)(l )(iv). AFFIRMED-IN-PART 11