Ex Parte Wood
Patent Trial and Appeal Board
Dec 21, 2018
14827953 (P.T.A.B. Dec. 21, 2018)

UNITED STATES PATENT AND TRADEMARK OFFICE

UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 14/827,953
FILING DATE: 08/17/2015
FIRST NAMED INVENTOR: James P. Wood
ATTORNEY DOCKET NO.: 30134/00405 (Pl9522USC2)
CONFIRMATION NO.: 8020

114746 7590 12/26/2018
Apple Inc. -- FKM
150 Broadway Suite 702
New York, NY 10038

EXAMINER: KABIR, JAHANGIR
ART UNIT / PAPER NUMBER: 2439
NOTIFICATION DATE: 12/26/2018
DELIVERY MODE: ELECTRONIC

Please find below and/or attached an Office communication concerning this application or proceeding.

The time period for reply, if any, is set in the attached communication.

Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es):
mmarcin@fkmiplaw.com
preisch@fkmiplaw.com

PTOL-90A (Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte JAMES WOOD

Appeal 2018-005745
Application 14/827,953 [1]
Technology Center 2400

Before ROBERT E. NAPPI, ERIC S. FRAHM, and MICHAEL T. CYGAN, Administrative Patent Judges.

CYGAN, Administrative Patent Judge.

DECISION ON APPEAL

STATEMENT OF CASE

Introduction

Appellant appeals under 35 U.S.C. § 134(a) from the Examiner's Final Rejection of claims 21-26, 29-34, 36-39, and 41-44. We have jurisdiction under 35 U.S.C. § 6(b).

We reverse.

[1] According to Appellant, the real party in interest is Apple, Inc. App. Br. 2.

Disclosed Invention and Exemplary Claim

The disclosed invention relates to systems and methods for providing, to an application executing on an electronic device, application-specific access to a virtual private network ("VPN").
Upon an application's request for a network data flow to a VPN, the device compares identification information associated with the application with a set of rules to determine if access to the VPN should be granted. If access is granted, the device executes a VPN agent, and the network data flow is diverted to the VPN agent as opposed to entering a Transport Connection Protocol/Internet Protocol (TCP/IP) stack.

Independent claim 21 is exemplary of the disclosed invention, and reads as follows (with key limitations of the claim emphasized):

21. A method, performed at an electronic device that includes a processor, a memory, and a network interface, comprising:
generating, by an application executing on the device, a request for a network data flow to a virtual private network (VPN);
comparing identification information associated with the application against a set of rules stored on the memory, wherein the set of rules identifies conditions for the application to be authorized to access the VPN;
establishing a connection for the network data flow upon the identification information satisfying the conditions for the application to access the VPN;
executing a VPN agent in user space, wherein the VPN agent includes a VPN plugin; and
diverting the network data flow to the VPN agent as opposed to entering a Transport Connection Protocol (TCP)/Internet Protocol (IP) stack, wherein the VPN plugin tunnels the network data flow over a VPN tunnel.

Each of the independent claims 21, 29, and 36, and the claims depending therefrom, recite or incorporate the above-emphasized limitation.

Examiner's Rejection

The Examiner rejected claims 21-26, 29-34, 36-39, and 41-44 under 35 U.S.C. § 103 as being obvious over the combination of John et al. (U.S. 2006/0236370, published Oct. 19, 2006) (hereinafter John) and Chandrika et al. (U.S. 2010/0250920, published Sept. 30, 2010) (hereinafter Chandrika).

Appellant's Contentions

Appellant contends Chandrika fails to teach the claimed "diverting the network data flow to the VPN agent as opposed to entering a Transport Connection Protocol (TCP)/Internet Protocol (IP) stack, wherein the VPN plugin tunnels the network data flow over a VPN tunnel." App. Br. 5-8; Reply Br. 3-5. Appellant further contends that Chandrika fails to teach the claim 43 limitation wherein the network data flow received by a packet filter of the VPN "includes a payload of application data without any corresponding headers." App. Br. 8-9; Reply Br. 5-6.

ANALYSIS

We have reviewed the Examiner's rejections (Final Act. 5-20) in light of Appellant's contentions that the Examiner has erred (App. Br. 5-9; Reply Br. 3-6). Further, we have reviewed the Examiner's response to Appellant's arguments (Ans. 3-7). We agree with Appellant's contentions that the Examiner erred in rejecting claims 21-26, 29-34, 36-39, and 41-44 under 35 U.S.C. § 103.

The Examiner has rejected claims 21-26, 29-34, 36-39, and 41-44 under 35 U.S.C. § 103 because the Examiner found the combination of John and Chandrika to teach or suggest, inter alia, "diverting the network data flow to the VPN agent as opposed to entering a Transport Connection Protocol (TCP)/Internet Protocol (IP) stack, wherein the VPN plugin tunnels the network data flow over a VPN tunnel." Final Act. 8. The Examiner points to Chandrika paragraphs 22, 26, 35-39, and 45 for the teaching or suggestion of diverting network data flow to a VPN tunnel from a TCP/IP stack, after the data flow has passed through the TCP part of the stack but before the data flow has entered the IP portion of the stack. Ans. 4.

The Examiner construes the "diverting the network data flow to the VPN agent ... as opposed to entering the [TCP/IP stack]" limitation as requiring that "the data must not enter the TCP/IP stack during the act of diversion." Ans. 5 (emphasis omitted).
The Examiner further determines that Chandrika's teaching or suggestion of "[s]ending the encrypted packet to the router modification service after grabbing it off the network communication [TCP/IP] stack" fulfills that condition because it "fits the definition of diverting." Id.

Appellant's responses have persuaded us of error in the Examiner's rejection. Appellant contends that the Examiner's construction is unreasonable because a "during the act of diversion" restriction is not required by the claim language. Reply Br. 4 (emphasis omitted). Appellant further contends Chandrika's teaching of diverting network data after entering the TCP/IP stack does not satisfy the claimed "diverting ... as opposed to entering" the TCP/IP stack. App. Br. 5-8; Reply Br. 3-4.

Both the Examiner and the Appellant agree that Chandrika teaches network data flow entering the TCP/IP stack and being processed by the TCP portion of the stack prior to diversion to the VPN tunnel. Ans. 4-5; App. Br. 5. While the Examiner correctly describes Chandrika's technique as "entirely bypassing the IP layer of the network communication stack" (Ans. 4), bypassing the IP layer of the TCP/IP stack is not the same as bypassing the entire TCP/IP stack as required by the claims. [2]

When the claim is read as a whole, in view of Appellant's disclosure as understood by one having ordinary skill in the art, we agree with the Appellant that the limitation "diverting the network data flow to the VPN agent ... as opposed to entering the [TCP/IP stack]" is not met by Chandrika's teaching of network data flow entering a TCP/IP stack and then being diverted to a VPN tunnel after being processed by the TCP portion of the stack but prior to processing by the IP portion of the stack.

To the extent that Appellant and Examiner disagree as to the meaning of the phrase "as opposed to," the Examiner has taken the position that the phrase lacks "any refined limitation of what 'as opposed to' clearly means." Ans. 5 (emphasis omitted). Appellant contends that the common meaning of the phrase is "rather than; instead of." Reply Br. 4. We concur with Appellant's understanding of the phrase, which is consistent with Appellant's disclosure. See, e.g., Spec. ¶ 20 ("If the application matches one of these rules, the flow of network data may then be diverted through the VPN tunnel, as opposed to entering the TCP/IP stack"); ¶ 26 ("Since the network data may not traverse the TCP/IP stack before being diverting [sic] to the VPN agent").

[2] The Examiner has treated the terms "diverting" and "bypassing" as analogous. Ans. 4.

We do not find persuasive the Examiner's contention that Chandrika teaches the claimed invention because during the act of diversion to the VPN tunnel, the network data flow is leaving the TCP/IP stack as opposed to entering the TCP/IP stack. Ans. 5. At best, Chandrika teaches diverting the network data flow to the VPN agent as opposed to continuing through the TCP/IP stack. The Examiner has not pointed to any teaching or suggestion by Chandrika that the network data flow is diverted to the VPN agent as opposed to entering the TCP/IP stack, as is required by the broadest reasonable interpretation of the claim in view of Appellant's disclosure as understood by one having ordinary skill in the art.

Appellant has persuasively argued error in the Examiner's rejection of claims 21-26, 29-34, 36-39, and 41-44 under 35 U.S.C. § 103. Accordingly, we do not sustain the Examiner's rejection of claims 21-26, 29-34, 36-39, and 41-44.

DECISION

For the above-described reasons, the Examiner's rejection of claims 21-26, 29-34, 36-39, and 41-44 under 35 U.S.C. § 103 is reversed.

REVERSED