Nicira, Inc.Download PDFPatent Trials and Appeals BoardOct 28, 20202019002979 (P.T.A.B. Oct. 28, 2020) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 15/196,518 06/29/2016 Radha Popuri N273.03 1015 109858 7590 10/28/2020 ADELI LLP P.O. Box 516 Pacific Palisades, CA 90272 EXAMINER TRAN, ELLEN C ART UNIT PAPER NUMBER 2433 NOTIFICATION DATE DELIVERY MODE 10/28/2020 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): ipadmin@vmware.com mail@adelillp.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________________ Ex parte RADHA POPURI, SHADAB SHAH, JAMES JOSEPH STABILE, SAMEER KURKURE, and KAUSHAL BANSAL ___________________ Appeal 2019-002979 Application 15/196,518 Technology Center 2400 ____________________ Before JEAN R. HOMERE, CARL W. WHITEHEAD JR., and MICHAEL J. ENGLE, Administrative Patent Judges. HOMERE, Administrative Patent Judge. DECISION ON APPEAL I. STATEMENT OF THE CASE1 Pursuant to 35 U.S.C. § 134(a), Appellant2 appeals from the Examiner’s rejection of claims 1–20, which constitute all of the pending claims. Appeal Br. 2. We have jurisdiction under 35 U.S.C. § 6(b). We reverse. 1 We refer to the Specification, filed June 29, 2016 (“Spec.”); the Final Office Action, mailed May 23, 2018 (“Final Act.”); the Appeal Brief, filed Nov. 26, 2018 (“Appeal Br”); the Examiner’s Answer, mailed Dec. 31, 2018 (“Ans.”); and the Reply Brief (“Reply Br.”) filed Feb. 28, 2019. 2 We use the word “Appellant” to refer to “applicant” as defined in 37 C.F.R. § 1.42(a). Appellant identifies VMware, Inc. and Nicira, Inc. as the real parties in interest. Appeal Br. 2. Appeal 2019-002979 Application 15/196,518 2 II. CLAIMED SUBJECT MATTER According to Appellant, the claimed subject matter relates to a queueing procedure for adding or moving multiple sections to an ordered set of firewall sections by concurrently manipulating firewall sections and rules to thereby provide firewall protection to associated tenants without requiring knowledge of the entire firewall configuration. Spec. ¶¶ 5, 48, 52, 68, 81. Figure 10 is discussed and reproduced below: Figure 10 illustrates software defined data center (100) including a network virtualization platform providing firewall services in sections (920–931), each containing a set of rules associated with a tenant, wherein the sections are sorted according to their assigned priority values. Spec. ¶¶ 5, 6, 62–72, 96, 97. Appeal 2019-002979 Application 15/196,518 3 As depicted in Figure 10 above, while processing a first request to add or move a first section to a specified position relative to a second section, network manager (105) receives a second request to add or move a third section to a position relative to a fourth section into the firewall configuration. Id. ¶¶ 98–108. Network manager (105) stores the first request in a queue at an assigned position as the second section has not been assigned a position in the list of firewall sections, whereas network manager (105) processes the second request to add or move the third section to the requested position as the fourth section has an assigned position in the list of firewall sections. Id. Illustrative Claim Claims 1 and 12 are independent. Claim 1, reproduced below with disputed limitations emphasized, is illustrative: 1. A method of providing firewall services at a software defined data center, the method comprising: in a firewall rule collection, specifying an order for a plurality of firewall sections in a list of firewall sections in the firewall rule collection, each section comprising a set of firewall rules; while processing a first request to add or move a first section to a position defined in relation to a second section, receiving a second request to add or move a third section to a position defined in relation to a fourth section; storing the first request in a queue for later execution as the second section has not been assigned a position in the list of firewall sections; and processing the second request to add or move the third section to the position in the list of firewall sections defined in relation to the fourth section, as the fourth section has an assigned position in the list of sections. Appeal Br. 18 (Claims App.). Appeal 2019-002979 Application 15/196,518 4 III. REFERENCES The Examiner relies upon the following references.3 Name Reference Publ’d/Issued Ahn US 2011/0055916 A1 Mar. 3, 2011 Pernicha US 2016/0191466 A1 June 30, 2016 IV. REJECTION The Examiner rejects claims 1–20 under 35 U.S.C. § 103(a) as unpatentable over the combined teachings of Ahn and Pernicha. Final Act. 6–14. V. ANALYSIS We consider Appellant’s arguments in the Appeal Brief, pages 5–16 and the Reply Brief, pages 2–8. Regarding the rejection of claim 1, Appellant argues, inter alia, that the Examiner erred in finding that Pernicha cures the admitted deficiencies of Ahn by teaching storing a first request in a queue for later execution as a second section defined in relation thereto has not been assigned a position in the list of firewall sections. Appeal Br. 10 (citing Pernicha ¶¶ 10, 20, 30, 31, 33, 43, 44, 46, 53). According to Appellant, the cited paragraphs of Pernicha relate to an optimization procedure that takes place after a request to add a firewall rule has been received such that disjoint rules characterized by the lack of functional dependencies therebetween can be applied independently of each other without changing the behavior of the firewall. Id. at 10–11. Further, Appellant argues that although Pernicha discloses a 3 All reference citations are to the first named inventor only. Appeal 2019-002979 Application 15/196,518 5 queue for storing policy rules, the disclosed queue is for an administrator to approve a new rule before implementing the rule in the firewall system, but it is otherwise unrelated to storing a first request associated with a first section when a second section defined in relation thereto has not been assigned. Id. at 11; Reply Br. 4–5 (citing Pernicha ¶¶ 59, 61, 62, 64). In response, the Examiner finds the following: Pernicha clearly suggests security requirements change over time, therefore it is clear Pernicha anticipates subsequently rule section to be inserted in the firewall rules or “storing the first request in a queue”, to prepare for this need “firewall ... can be configured to use the method of the present disclosure so as to overcome the limitation of existing static rule based policy by incorporating dynamic addition/modifications of one or more policy rules”. This clearly suggests ‘making priority numbers available for assignment to rules subsequently inserter into sections’ as well as storing requests in a queue, see the Abstract, paragraphs 10, 59, 61-62, and 64. Also note the invention teaches in one embodiment, validation, optimization functionality can be performed in the background in paragraph 43-44, 46 as well as ‘rules can also be accounted for while forming the updated set of policy rules (i.e. therefore they are queued/stored for later assignment), in paragraph 53, in addition network security policy management system can have a front end interface module to create and/or upload one or more new security policy rules (queue), ‘proposed changes to the policy rule database can be brought to the attention ... and/or confirmation before taking effect[’] (queue). Ans. 15 Appellant’s arguments are persuasive of reversible Examiner error. Ahn discloses a subset of rules in an ordered set of firewall packets filtering rules that define a firewall policy containing disjoint rules, whose order can be changed without changing the integrity of the firewall policy. Ahn ¶¶ 7, 18. Ahn discloses that each rule set can be partitioned into a list of ordered groups. Id. ¶ 39. Further, Pernicha discloses a method and system for Appeal 2019-002979 Application 15/196,518 6 dynamically optimizing rule-based security policies, whereupon receiving a request by a network security management device to add a new traffic flow policy rule to an existing policy rule, an updated policy rule is formed to incorporate the new traffic flow policy based on determined dependencies. Pernicha ¶¶ 10, 30, 31. Furthermore, Pernicha discloses reordering a second subset of policy rules having identifiers according to their assigned weights, priorities to update and change the order of the rules thereby optimizing the updated set of policy rules so as to configure the firewall. Id. ¶¶ 33, 42, 59, 69–75. Moreover, Pernicha discloses a policy database for storing and accounting for new traffic flow policy rules while forming an updated set of policy rules. Id. ¶ 53. Pernicha also discloses a storage device coupled to a processor for storing a policy rule optimization module configured to retrieve rules to optimize the set of policy rules. Id. ¶ 62. Additionally, Pernicha discloses maintaining a log of changes to allow an administrator to selectively undo certain optimizations or revert to a prior sate of a policy if desired. Id. ¶ 60. Pernicha’s disclosure of a storage device including a database for recording rules and a log for tracking updates to the firewall policy teaches at best queueing all received updates to a log to process requests to update the firewall policy or to undo updates to the policy. Although Pernicha discloses storing all received update requests, Pernicha is silent as to storing an update to a section because another section in relation thereto has not been assigned in the list of firewall sections. Because Pernicha discloses indiscriminately storing all update requests to firewall sections irrespective of their assignments relative to other sections, we agree with Appellant that Pernicha does not teach storing the update request under the specific Appeal 2019-002979 Application 15/196,518 7 condition when a subsequent section has not been assigned a position in the list of sections as required by the disputed limitation. Consequently, we do not sustain the Examiner’s rejection of independent claim 1 over the combination of Ahn and Pernicha. Because Appellant has shown at least one reversible error in the Examiner’s obviousness rejection of independent claim 1, we do not reach Appellant’s remaining arguments. Accordingly, we do not sustain the Examiner’s rejection of independent claim 12 which includes the argued disputed limitations. Likewise, we do not sustain the rejection of dependent claims 2–11, and 13–20, which also recite the disputed limitation. VI. CONCLUSION For the above reasons, we reverse the Examiner’s rejection of claims 1–20. VII. DECISION SUMMARY In summary: Claims Rejected 35 U.S.C. § Reference(s)/Basis Affirmed Reversed 1–20 103 Ahn, Pernicha 1–20 REVERSED Copy with citationCopy as parenthetical citation
