Ex Parte Pourzandi et alDownload PDFPatent Trial and Appeal BoardJun 15, 201713974637 (P.T.A.B. Jun. 15, 2017) Copy Citation United States Patent and Trademark Office UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O.Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 13/974,637 08/23/2013 Makan Pourzandi 1009-0637 / P40692 US1 3230 102721 7590 06/19/2017 Murphy, Bilak & Homiller/Ericsson 1255 Crescent Green Suite 200 Cary, NC 27518 EXAMINER WRIGHT, BRYAN F ART UNIT PAPER NUMBER 2497 NOTIFICATION DATE DELIVERY MODE 06/19/2017 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): official@mbhiplaw.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte MAKAN POURZANDI and ZHONGWEN ZHU Appeal 2017-004138 Application 13/974,6371 Technology Center 2400 Before ELENI MANTIS MERCADER, NORMAN H. BEAMER, and ADAM J. PYONIN, Administrative Patent Judges. BEAMER, Administrative Patent Judge. DECISION ON APPEAL Appellants appeal under 35 U.S.C. § 134(a) from the Examiner’s Final Rejection of claims 1, 3—12, and 14—26, which are all the claims pending. We have jurisdiction over the pending rejected claims under 35 U.S.C. § 6(b). We affirm-in-part. 1 Appellants identify Telefonaktiebolaget LM Ericsson (publ) as the real party in interest. (App. Br. 2.) Appeal 2017-004138 Application 13/974,637 THE INVENTION Appellants’ disclosed and claimed invention is directed to managing virtual firewalls in a wireless communication network. (Abstract.) Independent claims 1,21, and 25, reproduced below, are illustrative of the subject matter on appeal: 1. A method of virtual firewall management performed at a first control node in a wireless communication network that includes a Core Network, CN, and an associated Radio Access Network, RAN, said method comprising: detecting a handover event involving handover of a wireless device from a first RAN node in the network to a second RAN node in the network, wherein an associated virtual firewall is maintained for the wireless device at the first RAN node; and responsive to said detecting, initiating a migration of the associated virtual firewall from the first RAN node, said migration being a horizontal migration of the associated virtual firewall to the second RAN node, or being a vertical migration of the associated virtual firewall into the CN; said method further comprising selecting between horizontal migration or vertical migration of the associated virtual firewall based on evaluating at least one of mobility data for the wireless device and location data for the wireless device. 21. A method of virtual firewall management performed at a first Radio Access Network, RAN, node operating in a RAN of a wireless communication network that further includes an associated Core Network, CN, said method comprising: maintaining an associated virtual firewall for a wireless device served by the first RAN node; receiving transfer initiation signaling from a control node in the network, indicating that the associated virtual firewall is to be migrated, said migration being horizontally to a second RAN node in the network, or vertically to the CN; and 2 Appeal 2017-004138 Application 13/974,637 transferring the associated virtual firewall either horizontally or vertically, in accordance with the transfer initiation signaling. 25. A method of virtual firewall management performed at a second Radio Access Network, RAN, node operating in a RAN of a wireless communication network that-further includes an associated Core Network, CN, said method comprising: receiving an associated virtual firewall for a wireless device, from a first RAN node, or from an associated control node in the CN; activating the associated virtual firewall at the second RAN node for processing traffic for the wireless device according to the associated virtual firewall; and sending an indication of said activation to the first RAN node, or to the associated control node. REJECTIONS The Examiner rejects claims 1, 4—12, and 15—26 under 35 U.S.C. § 103 as being unpatentable over Litvin et al. (US 2009/0249438 Al, pub. Oct. 1, 2009) (hereinafter “Litvin”) in view of Barth et al. (US 2008/0229088 Al, pub. Sept. 18, 2008) (hereinafter “Barth”). (Final Act. 14; Advisory Act. 2.)2 2 Claims 2 and 13 were canceled in an after-final amendment filed on December 16, 2015. (See Advisory Act. 1.) The rejections of claims 25 and 26 under 35 U.S.C. § 101 and claims 3 and 14 under 35 U.S.C. § 103 were withdrawn in the Answer. (Ans. 4, 43.) 3 Appeal 2017-004138 Application 13/974,637 ISSUES ON APPEAL Appellants’ arguments in the Appeal Brief present the following issues:3 First Issue: Whether the Examiner erred in finding the combination of Litvin and Barth teaches or suggests the independent claim 1 limitation: said method further comprising selecting between horizontal migration or vertical migration of the associated virtual firewall based on evaluating at least one of mobility data for the wireless device and location data for the wireless device, and the similar limitation recited in independent claim 12. (App. Br. 10—15; Reply Br. 2—10.) Second Issue'. Whether the Examiner erred in finding the combination of Litvin and Barth teaches or suggests the independent claim 21 limitations: receiving transfer initiation signaling from a control node in the network, indicating that the associated virtual firewall is to be migrated, said migration being horizontally to a second RAN node in the network, or vertically to the CN; and transferring the associated virtual firewall either horizontally or vertically, in accordance with the transfer initiation signaling, and the similar limitations recited in independent claim 24. (App. Br. 15- lb; Reply Br. 11.) 3 Rather than reiterate the arguments of Appellants and the positions of the Examiner, we refer to the Appeal Brief (filed April 28, 2016); the Reply Brief (filed January 16, 2017); the Final Office Action (mailed October 16, 2015); the Advisory Action (mailed January 29, 2016); and the Examiner’s Answer (mailed November 14, 2016) for the respective details. 4 Appeal 2017-004138 Application 13/974,637 Third Issue: Whether the Examiner erred in finding the combination of Litvin and Barth teaches or suggests the limitations of independent claim 25. (App. Br. 16—17; Reply Br. 11.) ANALYSIS We have reviewed the Examiner’s rejections in light of Appellants’ arguments that the Examiner errs. As to the rejection of claims 1, 4—12, and 15—20, we agree with Appellants. As to the rejection of claims 21—26, we disagree with Appellants’ arguments, and we adopt as our own (1) the pertinent findings and reasons set forth by the Examiner in the Action from which this appeal is taken (Final Act. 2—31; Advisory Act. 2—3) and (2) the corresponding reasons set forth by the Examiner in the Examiner’s Answer in response to Appellants’ Appeal Brief (Ans. 3—48), except where noted. Issue One In finding the combination of Litvin and Barth teach or suggest the claim 1 limitation at issue, the Examiner first relies on the disclosure of Litvin as illustrating a vertical migration because the directional arrow 185 points to adjacent node 110, and the vertical orientation of node 110 relative to originating node 105 presents an alternative reasonable interpretation that the firewall migration is horizontal. (Ans. 6; Litvin, Fig. 1.) The Examiner further relies on the disclosure in Barth of a mobility report providing information relating to the location and/or type of access of a terminal. (Final Act. 16; Barth | 54.) The Examiner also relies on the disclosure in Barth of three communication paths leading from firewall controller 301 to (1) firewall 312, (2) firewall 313, and (3) security gateway 5 Appeal 2017-004138 Application 13/974,637 315, and that path selection is illustrated in Barth’s figures, which also illustrate horizontal and vertical migration. (Ans. 18; Barth | 88, Figs. 3 A— 3B, 5A, 6.) Appellants argue that the Examiner errs because “Litvin’s host nodes (including the ones referred to in the Examiner’s Answer) appear to be interchangeable hosting resources within a data center that are of the same type and operate at the same ‘level’ in the network.” (Reply Br. 4 (citing Litvin, Fig. 1).) We agree, as all nodes exist within system 100 and all nodes communicate through router 195. (Litvin, Fig. 1.) Appellants additionally argue the Examiner errs because [w]hat the Examiner labels in Fig. 5 A of Barth as being a ‘vertical migration’ is the transfer of firewall configuration rules from a home network to a visited network, where on both sides of the transfer the involved nodes are above or outside any radio access networks—i.e., the transfer appears to be from one core network to another, or from one high-level network node to another. (Reply Br. 6.) We agree, because while Barth (| 109) states that “[t]he references [to Figures 5A—5B] largely correspond to those given and explained with regard to FIG. 3A and FIG. 3B,” the Examiner’s findings do not tie together the elements of Figure 5 A to the elements of Figures 3 A—3B to support a conclusion that Figure 5A teaches or suggests both the claimed vertical and horizontal migration. Similarly, the Examiner’s findings regarding Figure 6 are insufficient to establish that Figure 6 teaches or suggests both the claimed vertical and horizontal migration. We find the Examiner does not provide prima facie support for the rejection. “[T]he examiner bears the initial burden, on review of the prior art or on any other 6 Appeal 2017-004138 Application 13/974,637 ground, of presenting a prima facie case of unpatentability.” In re Oetiker, 977 F.2d 1443, 1445 (Fed. Cir. 1992). As the combination of Litvin and Barth does not teach or suggest both a horizontal migration and a vertical migration, the combination does not teach or suggest the claimed “selecting between horizontal migration or vertical migration.”4 Therefore, on the record before us, we are constrained to find the Examiner errs in rejecting independent claim 1, as well as independent claim 12 commensurate in scope, and dependent claims 4—11 and 15—20. Issue Two Unlike claim 1, the limitations at issue in claim 21 are met by a migration of the “associated virtual firewall” that is transferred “vertically to the [control node]” because of the “or” appearing in the “receiving” and “transferring” limitations — accordingly, no horizontal migration or transfer is necessary to satisfy the limitation. The Examiner finds Barth teaches that [i]n addition to FIG. 3A, FIG. 3B comprises three communication paths that lead from the Firewall Controller 301 to the Firewall FW 312, to the Firewall FW 313 and to the Security Gateway SEG 315. Each such communication path indicates that the Firewall Controller 301 updates the affected Firewalls/Security Gateway. (Ans. 18 (quoting Barth | 88).) In a handoff from the 3G node communicating with User Equipment 309 to the WLAN node, Firewall Controller 301 updates Security Gateway 315. Thus, the combination of 4 However, with respect to Issues Two and Three, we find the combination of Litvin and Barth teaches or suggests a vertical migration. See infra. 7 Appeal 2017-004138 Application 13/974,637 Litvin and Barth teaches or suggests the limitations at issue, because in Barth’s update both Firewall Controller 301 and Security Gateway 315 are located on a control network above both the 3G and WLAN radio access networks, with new rules sent to Firewall FW_SEG. (See Barth H 91—94, Figs. 3A—3B.) We note that our finding appears supported by Appellants’ argument that “Barth discloses centralized firewall management—see Figs. 1, 2, 3A, 3B—that occurs above Barth’s RAN and involves nodes that are plainly depicted as being outside (above) Barth’s RAN.” (App. Br. 16.) Accordingly, we affirm the rejection of independent claim 21, and independent claim 24 commensurate in scope, and dependent claims 22 and 23. Issue Three Appellants argue the Examiner errs in rejecting claim 25, primarily because the Examiner’s Answer incorrectly “asserts that the firewall (FW) at the top of the Evolved Packet Core of Barth’s Figure 1 is in the RAN network.” (Reply Br. 11 (citing Ans. 38).) Regardless whether Appellants are correct, the Examiner additionally finds that Barth teaches that a Mobility Report is sent from the Home Agent HA to the Firewall Controller. Then, the IMS sends a Session Report to the Firewall Controller. Thereinafter, the Firewall Controller adds a Firewall Rule to the Firewall FW old and to the Firewall FW SEG. (Ans. 39 (quoting Barth 191).) The cited portion of Barth describes the handover of User Equipment 309 from the 3G node to the WLAN node as illustrated by Figures 3 A—3B, in which Firewall FW_old corresponds to Firewall 312, Firewall FW_new corresponds to Firewall 313, and Firewall 8 Appeal 2017-004138 Application 13/974,637 FW_SEG corresponds to Firewall SEG 315. (See Barth 190.) Here, the claimed “receiving an associated virtual firewall” encompasses Barth’s Firewall 313 receiving Firewall FW_new, and both the claimed “activating the associated virtual firewall” and “sending an indication of said activation” encompass Barth’s update of Firewall FW_SEG that records the traffic changes. (See Barth || 92—94.) Appellants do not argue error with regard to the Examiner’s findings regarding the handoff. (See Reply Br. 11.) Accordingly, we affirm the Examiner’s rejection of independent claim 25 and dependent claim 26 not argued separately. (App. Br. 17.) CONCLUSION For the reasons stated above, we reverse the obviousness rejections of claims 1, 4—12, and 15—20 over Litvin and Barth, and affirm the obviousness rejections of claims 21—26 over Litvin and Barth. DECISION The Examiner’s decision rejecting claims 1, 4—12, and 15—20 is reversed. The Examiner’s decision rejecting claims 21—26 is affirmed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(l)(iv). AFFIRMED-IN-PART 9 Copy with citationCopy as parenthetical citation