Nicira, Inc.Download PDFPatent Trials and Appeals BoardMar 19, 20212019005964 (P.T.A.B. Mar. 19, 2021) Copy Citation UNITED STATES PATENT AND TRADEMARK OFFICE UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O. Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 15/386,207 12/21/2016 Kaushal Bansal N320.01 (NCRA.P0481) 1584 109858 7590 03/19/2021 ADELI LLP P.O. Box 516 Pacific Palisades, CA 90272 EXAMINER TRAN, ELLEN C ART UNIT PAPER NUMBER 2433 NOTIFICATION DATE DELIVERY MODE 03/19/2021 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): ipadmin@vmware.com mail@adelillp.com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE ____________ BEFORE THE PATENT TRIAL AND APPEAL BOARD ____________ Ex parte KAUSHAL BANSAL, UDAY MASUREKAR, SHADAB SHAH, JAMES JOSEPH, and STEVEN PETERS ____________ Appeal 2019-005964 Application 15/386,207 Technology Center 2400 ____________ Before CAROLYN D. THOMAS, MICHAEL J. ENGLE, and PHILLIP A. BENNETT, Administrative Patent Judges. THOMAS, Administrative Patent Judge. DECISION ON APPEAL Pursuant to 35 U.S.C. § 134(a), Appellant1 appeals from the Examiner’s decision to reject claims 1–10 and 15–24. Claims 11–14 are canceled. See Claims Appendix. We have jurisdiction over the appeal under 35 U.S.C. § 6(b). We REVERSE. 1 We use the word “Appellant” to refer to “applicant” as defined in 37 C.F.R. § 1.42. Appellant identifies the real parties in interest as VMware, Inc., and Nicira, Inc. Appeal Br. 2. Appeal 2019-005964 Application 15/386,207 2 The present invention relates generally to “managing firewall protection in a datacenter that includes multiple host machines that each hosts a set of data computer nodes.” Spec., Abstract. Claim 1 is illustrative: 1. A method for managing firewall protection in a datacenter comprising a plurality of host machines that each hosts a set of data compute nodes, the method comprising: at a network manager executing on a computer of the datacenter, receiving a plurality of updates to sections of a firewall rule configuration stored in a firewall rule configuration storage of the datacenter, the firewall rule configuration comprising a plurality of firewall rules that are to be enforced at the plurality of host machines, and associating each updated section with a version number; using a version number associated with an updated section to identify a host machine in the datacenter that has not received one of the plurality of updates; generating a host-level firewall configuration update comprising the updates relevant to the identified host machine and associating the host-level firewall configuration update with a particular version number of the version numbers associated with the relevant updates; and distributing the host-level firewall configuration update to the identified host machine and associating the identified host machine with the particular version number, wherein said identified host machine uses the host-level firewall configuration update to process packets for a data compute node executing on the identified host machine in accordance with firewall actions specified by the host-level firewall configuration update. Appeal 2019-005964 Application 15/386,207 3 Appellant appeals the following rejection:2 Claims 1–10 and 15–24 are rejected under 35 U.S.C. § 103(a) as being unpatentable over Litvin (US 2009/0249472 A1, Oct. 1, 2009), Kirby (US 9,369,431 B1, June 14, 2016), and Lotem (US 8,621,552 B1, Dec. 31, 2013). Final Act. 9–14. We review the appealed rejections for error based upon the issues identified by Appellant, and in light of the arguments and evidence produced thereon. Ex parte Frye, 94 USPQ2d 1072, 1075 (BPAI 2010) (precedential). ANALYSIS We have reviewed Appellant’s arguments in the Briefs, the Examiner’s rejection, and the Examiner’s response to Appellant’s arguments. We concur with Appellant’s conclusion that the Examiner erred in finding that the combination of the references teaches or suggests using a version number associated with an updated section to identify a host machine. See claim 1. As identified by Appellant, “[u]nlike the claimed version number . . . the Change Request ID of Lotem is merely a passive identifier[] . . . [that] is never used to proactively identify a host that has not received an update, as claimed” (Appeal Br. 16) (emphasis added), because it “is only peripherally relied upon to propagate updates to firewalls.” Id. We agree with Appellant. Although the Examiner finds that “Lotem clearly teach/suggests that the firewall version is recorded in the configuration repository and can be 2 The Examiner withdrew the rejection of claims 1–10 and 15–25 under 35 U.S.C. § 101. See Ans. 8–9. Appeal 2019-005964 Application 15/386,207 4 used as a reference for identifying and examining future changes” (Ans. 9), and “Lotem clearly tracks the configuration change record to indicate which firewalls need to update their respective firewall configuration” (id. at 10) (emphasis added), the Examiner has merely shown that Lotem’s system identifies which firewalls need to update their respective firewall configuration. However, the claims require using a version number associated with an updated section to identify a host machine in the datacenter that has not received one of the plurality of updates. We find that the claimed host machine is distinguishable from Lotem’s firewall in that the claimed host machine each hosts a set of data compute nodes (see claim 1), whereas Lotem’s firewall is merely “a general name for a network device that can be used for filtering access in the network.” Lotem 10:4–6. Thus, we agree with Appellant that “a firewall is not a host machine and would not reasonably be interpreted as such.” Reply Br. 3. As a result, although Lotem teaches “identifying the firewalls in the network” (see Lotem 10:61–62; 28:57–61; 31:45–48), we note that this is not the same as Lotem teaching a version number identifying a host machine that has not received the updates, as required by all the claims. The Examiner also has not found that any of the other references of record teach this feature. In view of the above discussion, we are of the opinion that the proposed combination of references set forth by the Examiner does not support the obviousness rejection. Since we agree with at least one of the arguments advanced by Appellant, we need not reach the merits of Appellant’s other arguments. Accordingly, we do not sustain the rejection Appeal 2019-005964 Application 15/386,207 5 of independent claims 1 and 15, or the rejection of dependent claims 2–10 and 16–24 which all include the argued limitations. CONCLUSION Appellant has demonstrated that the Examiner erred in rejecting claims 1–10 and 15–24 as being unpatentable under 35 U.S.C. § 103. In summary: Claim(s) Rejected 35 U.S.C. § Reference(s)/Basis Affirmed Reversed 1–10, 15–24 103 Litvin, Kirby, Lotem 1–10, 15–24 REVERSED Copy with citationCopy as parenthetical citation