United States Patent and Trademark Office

Commissioner for Patents
United States Patent and Trademark Office
P.O. Box 1450
Alexandria, VA 22313-1450
www.uspto.gov










BEFORE THE PATENT TRIAL AND APPEAL BOARD


Application Number: 15/617,136
Filing Date: 06/08/2017
Appellant(s): Wang, Nan; Zhao, YiSan; Teng, Shengbo; Wang, Wen; Zhang, Peter


__________________
Keith M. Arment
Reg. No. 72,061
For Appellant


EXAMINER’S ANSWER






This is in response to the appeal brief filed 11/18/2020.
(1) Grounds of Rejection to be Reviewed on Appeal
Every ground of rejection set forth in the Office action dated on 06/11/2020 from which the appeal is taken is being maintained by the examiner except for the grounds of rejection (if any) listed under the subheading “WITHDRAWN REJECTIONS.” New grounds of rejection (if any) are provided under the subheading “NEW GROUNDS OF REJECTION.”
(2) Response to Argument
A. Rejection of Claims 1, 6-9, and 14-16 Under 35 U.S.C. § 103
1. The Office Action fails to cite art showing or suggesting "providing the one or more firewall rules to a networking manager outside of the virtual machine that is configured to apply the one or more firewall rules for the virtual machine," as recited by claim 1. (Pages 3-5 of Appeal Brief).
Examiner respectfully disagrees with Appellant for the following reasons.  
Examiner notes that Lee already teaches "providing the one or more firewall rules to a networking manager that is configured to apply the one or more firewall rules for the virtual machine," as recited in the claim (e.g. [0092], "transmit…the firewall rules to each computing resource (e.g., virtual machine) in a cloud chamber" [0093]: "The firewall rules can then be stored in a firewall rules database at a virtual machine in a cloud chamber" [0094]: "Each virtual machine further includes a firewall enforcer 760. The firewall enforcer at a virtual machine is responsible for enforcing the firewall rules that have been distributed to the virtual machine" [0165]: "distributes the firewall rules to the virtual machines in the cloud chambers" [0166]: "a firewall enforcer at a virtual machine is responsible for enforcing the firewall rules that have been distributed to the virtual machine"). However, Lee does not explicitly teach the network 
Referring to Bhagwat, Bhagwat teaches a virtual management server 106 ("a virtual machine") comprising a firewall manager 122, and the firewall manager 122 of the virtual machine 106 sending firewall rules to a firewall engine 102 outside of the virtual machine 106. The firewall engine 102 outside of the virtual machine 106 ("a networking manager outside of the virtual machine") manages firewall rules in the virtual network environment for the virtual machine 106, e.g. the firewall engine 102 filters traffic based on the firewall rules received from the firewall manager 122 of the virtual machine 106 ("apply the one or more firewall rules for the virtual machine"). See e.g. Bhagwat fig. 1 (shown below), [0019]: "Firewall manager 122 then sends the transformed firewall rules to firewall engine 102 for filtering communication…according to the transformed firewall rules..." Also, the firewall manager 122 of the virtual machine 106 can send updated firewall rules to the firewall engine 102 that's outside of the virtual machine 106. See e.g. [0020]: "firewall manager 122 automatically updates the transformed firewall rules sent to firewall engine 102 by repeating the steps of…sending to firewall engine 102..." 

[Figure: Bhagwat fig. 1]

Thus, Bhagwat teaches "providing the one or more firewall rules to a networking manager outside of the virtual machine that is configured to apply the one or more firewall rules for the virtual machine," as recited by claim 1.
2. The Office Action fails to cite art showing or suggesting "identifying, in the virtual machine, an attach process for one or more applications to the virtual machine, wherein the attach process comprises mounting one or more storage volumes that store elements for executing the one or more applications and, in response to identifying the attach process and in the virtual machine, identifying the one or more firewall rules corresponding to the one or more applications," as recited by claim 1. (Pages 5-7 of Appeal Brief).
Examiner respectfully disagrees with Appellant for the following reasons.  
It should first be noted that claim 1 does not recite "identifying, in the virtual machine, an attach process for one or more applications to the virtual machine, wherein the attach 
Secondly, Appellant argued that "claim 1 requires that the virtual machine (1) identify one or more applications associated with an attach process and (2) identify one or more firewall rules associated with the applications…Lee fails to indicate that the virtual machine itself identifies the one or more applications available for execution on the virtual machine." Examiner notes that the claim does not recite identifying the one or more applications, instead, the claim recites "identifying…an attach process." Also, the claim recites "in the virtual machine" and not by the virtual machine, in other words, the identifying of an attach process and the identifying of the one or more firewall rules do not necessarily have to be done by the virtual machine. The claim limitation "identifying, in the virtual machine, an attach process" has been interpreted as identifying an attach process that is in the virtual machine, and the claim limitation "in the 
Referring to Lee, Lee discloses in e.g. fig. 7 (shown below), at least one cloud chamber comprising at least one virtual machine that includes an application component ("an attach process") and firewall rules ("one or more firewall rules"). See e.g. fig. 7, virtual machine 1 comprising application component A and firewall rules, and [0093]: "The firewall rules can then be stored in a firewall rules database at a virtual machine in a cloud chamber…In the example shown in FIG. 7, a copy of application component A has been installed at the first virtual machine…"
             
[Figure: Lee fig. 7]

 Lee also discloses a cloud chamber system receiving an application profile which specifies an application component that implements one or more applications, and the application component installing at the virtual machine ("identifying, in the virtual machine, an 
In addition, Lee discloses in response to receiving the application profile specifying the application component that implements the one or more applications ("in response to identifying the attach process"), the system generating firewall rules based on the application profile specifying the application component that implements the one or more applications. Lee also discloses the firewall rules database in the virtual machine receiving and storing the generated firewall rules corresponding to the one or more applications, and the firewall enforcer in the virtual machine enforcing the firewall rules stored in the firewall rules database ("in the virtual machine, identifying the one or more firewall rules corresponding to the one or more applications"). See e.g. [0072]: "firewall policy that protects applications running in the first and second virtual machines" [0092], "analyzing, parsing, or examining the application profile…in order to generate firewall rules for all VMs…deploy, distribute, send, or transmit…the firewall rules to each computing resource (e.g., virtual machine) in a cloud chamber" [0093]: "The firewall rules can then be stored in a firewall rules database at a virtual machine in a cloud 
For at least the above reasons, claim 1 is not allowable over the cited prior art.
In response to Appellant's argument that "Independent claim 9 contains limitations like those discussed above with respect to claim 1 and are allowable over the art of record for at least the same reasons as claim 1. Claims 6-8 and 14-16, while separately allowable over the art of record, depend on otherwise allowable independent claims. The Applicant therefore refrains from a discussion of claims 6-8 and 14-16 for the sake of brevity in view of the dependence from otherwise allowable independent claims" (page 7 of Appeal Brief), Examiner respectfully disagrees. Independent claim 9 contains limitations similar to those discussed above with respect to claim 1 and thus claim 9 is not allowable for at least the same reasons as claim 1 provided above. Claims 6-8 and 14-16 are also not allowable because the base claims from which they depend are not in condition for allowance as explained above.
For at least the above reasons, the rejections of claims 1, 6-9, and 14-16 under 35 U.S.C. 103 as being unpatentable over Lee in view of Bhagwat have been maintained. 
B. Rejection of Claims 2, 4, 10, and 12 Under 35 U.S.C. § 103
In response to Appellant's argument that "Choudhary fails to overcome the deficiencies of Lee and Bhagwat described above with regards to the independent claims. Accordingly, a discussion of claims 2, 4, 10, and 12 is refrained from for the sake of brevity in view of their dependence from otherwise allowable independent claims" (page 7 of Appeal Brief), Examiner respectfully disagrees. Claims 2, 4, 10, and 12 are not allowable because the base claims from which they depend are not in condition for allowance as explained above.
For at least the above reasons, the rejections of claims 2, 4, 10, and 12 under 35 U.S.C. 103 as being unpatentable over Lee in view of Bhagwat further in view of Choudhary have been maintained.
C. Rejection of Claims 3 and 11 Under 35 U.S.C. § 103
In response to Appellant's argument that Sanzgiri fails to teach "wherein identifying the one or more firewall rules comprises identifying the one or more firewall rules in the one or more storage volumes," as recited in claim 3 and similarly recited in claim 11 (pages 7-8 of Appeal Brief), Examiner respectfully disagrees. Specifically, Appellant argued that "Sanzgiri fails to teach or describe (1) that the storage system is mounted to a virtual machine, (2) that the same storage system further includes elements for applications on the virtual machine, and (3) that firewall rules apply to applications on the VSM virtual machine. Accordingly, the prior art fails to teach or suggest "wherein identifying the one or more firewall rules comprises identifying the one or more firewall rules in the one or more storage volumes," as recited by claim 3." Examiner notes that the above features (1)-(3) argued by Appellant are not required by claim 3; claim 3 only recites "wherein identifying the one or more firewall rules comprises identifying the one or more firewall rules in the one or more storage volumes," and Sanzgiri is
For at least the above reasons, the rejections of claims 3 and 11 under 35 U.S.C. 103 as being unpatentable over Lee in view of Bhagwat in view of Choudhary and further in view of Sanzgiri have been maintained. 
D. Rejection of Claims 5 and 13 Under 35 U.S.C. § 103
In response to Appellant's argument that "Shanbhag fails to overcome the deficiencies of Lee and Bhagwat described above with regards to the independent claims. Accordingly, a discussion of claims 5 and 13 is refrained from for the sake of brevity in view of their dependence from otherwise allowable independent claims" (page 8 of Appeal Brief), Examiner respectfully disagrees. Claims 5 and 13 are not allowable because the base claims from which they depend are not in condition for allowance as explained above.
For at least the above reasons, the rejections of claims 5 and 13 under 35 U.S.C. 103 as being unpatentable over Lee in view of Bhagwat further in view of Shanbhag have been maintained.
(3) Conclusion

Respectfully submitted,
/AMIE C. LIN/ Examiner, Art Unit 2436
Conferees:
/TRONG H NGUYEN/ Primary Examiner, Art Unit 2436
/SHEWAYE GELAGAY/ Supervisory Patent Examiner, Art Unit 2436
Requirement to pay appeal forwarding fee.  In order to avoid dismissal of the instant appeal in any application or ex parte reexamination proceeding, 37 CFR 41.45 requires payment of an appeal forwarding fee within the time permitted by 37 CFR 41.45(a), unless appellant had timely paid the fee for filing a brief required by 37 CFR 41.20(b) in effect on March 18, 2013.