Ex Parte YangDownload PDFPatent Trial and Appeal BoardMay 16, 201714046063 (P.T.A.B. May. 16, 2017) Copy Citation United States Patent and Trademark Office UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O.Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 14/046,063 10/04/2013 Jianping YANG B117 3979 36378 7590 VMWARE, INC. DARRYL SMITH 3401 Hillview Ave. PALO ALTO, CA 94304 05/18/2017 EXAMINER HO, DAO Q ART UNIT PAPER NUMBER 2497 NOTIFICATION DATE DELIVERY MODE 05/18/2017 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): ipteam @ vmware. com ipadmin@vmware.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte JIANPING YANG Appeal 2017-002952 Application 14/046,0631 Technology Center 2400 Before DEBRA K. STEPHENS, DANIEL J. GALLIGAN, and JESSICA C. KAISER, Administrative Patent Judges. KAISER, Administrative Patent Judge. DECISION ON APPEAL Introduction Appellant appeals 35 U.S.C. § 134 from a Final Rejection of claims 1, 2, 4—14, 17, 18, and 20. We have jurisdiction under 35 U.S.C. § 6(b). Claims 3, 15, 16, and 19 have been cancelled. We AFFIRM. 1 According to Appellant, the real party in interest is VMware, Inc. (App. Br. 3). Appeal 2017-002952 Application 14/046,063 EXEMPLARY CLAIM Claim 1, reproduced below, is illustrative of the claimed subject matter with disputed limitations emphasized: 1. In a virtualized computing system having a plurality of inventory objects and an access control subsystem that manages permissions to perform actions on the inventory objects, a method of managing the permissions comprising: detecting an association of a tag with an inventory object, the tag defining one or more users and one or more privileges; in response to said detecting, generating an access control label of the inventory object based on the tag, the access control label specifying user privileges for the inventory object based on the users and privileges that are defined by the tag; and permitting or denying operations to be performed on the inventory object based on the generated access control label. REJECTION2 Claims 1, 2, 4—14, 17, 18, and 20 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over Kahn (US 7,185,192 Bl; published Feb. 27, 2007) and Butikofer (US 8,850,434 Bl; issued Sept. 30, 2014). (Final Act. 5-11). ISSUES Issue 1: Did the Examiner err in finding Kahn teaches “generating an access control label of the inventory object based on the tag,” as recited in claim 1 and similarly recited in claims 7 and 13? 2 The Examiner has withdrawn (Adv. Act. 2) the 35 U.S.C. § 101 rejection of claims 13, 14, 17, 18, and 20 (Final Act. 4). 2 Appeal 2017-002952 Application 14/046,063 Issue 2: Did the Examiner err in finding Kahn teaches “a separate access control label is generated for each combination of the users and privileges that are defined by the tag,” as recited in claim 4 and similarly recited in claim 10? ANALYSIS We disagree with Appellant’s contentions and adopt as our own: (1) the findings and reasons set forth by the Examiner in the action from which this appeal is taken (Final Act. 3, 5—11); (2) the findings and reasons set forth by the Examiner in the Advisory Action (Adv. Act. 2); and (3) the reasons set forth by the Examiner in the Answer in response to the Appeal Brief (Ans. 4—6). With respect to the claims argued by Appellant, we highlight and address specific findings and arguments for emphasis as follows. Issue 1 Appellant contends the Examiner erred in finding Kahn teaches “generating an access control label of the inventory object based on the tag” as recited in claim 1 and similarly recited in claims 7 and 13. (App. Br. 7—9; Reply Br. 2—3). Specifically, Appellant argues the claims “require two separate constructs — the [(1)] ‘tags’ which are used to generate [(2)] ‘access control labels,”’ but Kahn only teaches “a single construct — the rules of Kahn.” (App. Br. 8). Appellant further argues Kahn’s access control list (ACL) “is merely the compilation of [Kahn’s] policy” and “cannot be construed as a ‘rule.’” (Reply Br. 3). 3 Appeal 2017-002952 Application 14/046,063 We are not persuaded. The Examiner finds (Ans. 4), and we agree, Kahn teaches “a policy,” i.e., a tag, “about who (e.g., what users) should be able to access what resources (e.g., files, directories) in what manner(s) (e.g., read and/or write and/or execute)” (Kahn 3:49—55). The Examiner further finds (Ans. 4), and we agree, Khan discloses that to “implement and/or actually enforce such a policy, the site security administrator might establish . . . permission settings or ACL lists for each resource,” i.e., “ACL lists are created with the intent of reflecting a security policy” (Kahn 3:55— 4:9). Appellant’s argument that Kahn’s rules are “a single type of construct” (App. Br. 8) does not persuasively respond to the Examiner’s findings that Kahn’s permission settings and ACL lists, i.e., “access control labels,” are generated based on Kahn’s policies, i.e., “tags” (Ans. 4; see Kahn 3:49-4:9). Indeed, Kahn’s “permissions and ACL lists are created with the intent of reflecting a security policy.” (Kahn 4:5—7). further, Appellant’s argument that Kahn’s ACL lists are not rules (Reply Br. 3) does not address the Examiner’s finding that Kahn’s ACL lists specify user privileges for objects (Ans. 4), as required by the claim. Indeed, Kahn teaches an ACL “list[s] all users for a file that have read access to the file, write access to the file, and execute access to the file” (Kahn 1:42—56). Accordingly, we are not persuaded the Examiner erred in finding Kahn teaches “generating an access control label of the inventory object based on the tag” within the meaning of claims 1, 7, and 13. 4 Appeal 2017-002952 Application 14/046,063 Issue 2 Appellant contends the Examiner erred in finding Kahn teaches “a separate access control label is generated for each combination of the users and privileges that are defined by the tag,” as recited in claim 4 and similarly recited in claim 10. (App. Br. 9—10; Reply Br. 3—4). Specifically, Appellant argues Kahn does not “generate multiple constructs that determine whether a resource is permitted to be accessed.” (App. Br. 10). Appellant further argues, in Kahn, “only a single ACL list [is] created for one or more policies.” (Reply Br. 4). We are not persuaded. As discussed supra, we agree with the Examiner’s finding that Kahn’s permission settings or ACL lists, i.e., “access control labels,” are generated to implement Kahn’s policies, i.e., “tags” (Ans. 4; see Kahn 3:49-4:9). Appellant’s argument that Kahn generates a single ACL rather than generating multiple ACLs (App. Br. 10; Reply Br. 4) is not commensurate with the scope of the claims. The claims do not recite language requiring multiple ACLs, nor do the claims recite language precluding a single ACL. We agree with the Examiner’s broad, but reasonable, interpretation that a policy with only a single user-privilege combination generates permission settings or an ACL list for each user-privilege combination in that policy, i.e., the single user-privilege combination. (See Ans. 5). Accordingly, we are not persuaded the Examiner erred in finding Kahn teaches “a separate access control label is generated for each combination of the users and privileges that are defined by the tag,” within the meaning of claims 4 and 10. 5 Appeal 2017-002952 Application 14/046,063 Remaining Claims 2, 5, 6, 8, 9, 11, 12, 14, 17, 18, and 20 Appellant does not argue separate patentability for dependent claims 2, 5, 6, 8,9, 11, 12, 14, 17, 18, and 20, which depend directly or indirectly from claims 1,7, and 13. (See App. Br. 7—10). Accordingly, we are not persuaded of error, and we sustain the Examiner’s decision to reject claims 2, 5, 6, 8, 9, 11, 12, 14, 17, 18, and 20. DECISION The Examiner’s rejection of claims 1, 2, 4—14, 17, 18, and 20 under 35 U.S.C. § 103(a) as being unpatentable over Kahn and Butikofer is affirmed. No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a). See 37 C.F.R. § 1.136(a)(l)(iv). AFFIRMED 6 Copy with citationCopy as parenthetical citation