Obviousness

An analysis of the obviousness of US patent 5,987,610 under 35 U.S.C. § 103, based on prior art available before the February 12, 1998, filing date, is provided below. This analysis focuses on the independent claims (1, 12, 23, and 43) as they define the broadest scope of the invention.

Defining the Skilled Artisan

A person having ordinary skill in the art (PHOSITA) as of early 1998 would be a computer scientist or software engineer with several years of experience in computer networking, telecommunications systems, and software security. This individual would be familiar with the Public Switched Telephone Network (PSTN), network protocols (like TCP/IP and PPP), the architecture of client-server systems, and the principles of anti-virus software, including signature-based scanning and heuristic analysis.

Obviousness Analysis of Claims 1, 12, and 23

Claims 1, 12, and 23 cover the core concept of performing virus screening on computer data within a telephone network, as opposed to on an end-user's computer. The key elements are routing data through a telephone network, intercepting it at a network node (like a switching office), screening it for viruses, and taking action if a virus is found.

This concept would have been obvious to a PHOSITA by combining the known principles of network-based content filtering (as seen in firewalls and proxy servers) with existing, well-understood anti-virus scanning technology.

Prior Art Combination:

• US 5,623,600 ("Mata" - incorporated by reference in '610): Titled "System and method for detecting computer viruses," Mata teaches a method for detecting viruses by emulating the execution of a program in a virtual computer to observe its behavior. This reference establishes the state of the art for sophisticated virus detection techniques, including emulation, which is relevant to Claim 43 but also demonstrates the general-purpose, software-based nature of virus scanning.
• US 5,319,776 ("Hile" - incorporated by reference in '610): Titled "Computer virus screening," Hile describes a method for screening for viruses in a computer system by intercepting calls to the operating system made by a program. This shows a common method of "intercepting" and "analyzing" data flows or program behavior for malicious content, a key step in the '610 patent's claims.
• The Concept of Network Firewalls and Proxies (pre-1998): By the mid-1990s, network firewalls and proxy servers were well-established technologies. These systems functioned by sitting between a trusted internal network and an untrusted external network (like the Internet), intercepting all traffic, inspecting it according to a set of rules, and blocking or modifying traffic that was deemed undesirable or unsafe. This is directly analogous to the '610 patent's placement of a virus scanner within the telephone network.

Motivation to Combine:

A PHOSITA in the late 1990s would have recognized the growing problem of computer viruses spreading via the Internet, which was primarily accessed through dial-up connections over the telephone network. The existing model of relying on end-users to install and update their own anti-virus software was known to be flawed and unreliable.

The motivation to combine these technologies would have been to provide a more reliable, centralized, and value-added service. A telecommunications provider would be naturally motivated to offer a "clean pipe" service to its customers, protecting them from viruses before the malicious data ever reached their computers. This addresses the clear market need for better, easier-to-manage security. The PHOSITA would have seen that:

1. Firewalls and proxies already provide a model for intercepting and filtering network traffic at a central point.
2. Anti-virus scanning (as taught by Hile and Mata) is a software-based process that can be run on any general-purpose computer (processor).
3. Placing an anti-virus scanning process on a server or appliance within the telephone network is a logical extension of the firewall concept. Instead of filtering based on IP addresses or port numbers, the system would filter based on virus signatures or malicious behaviors.

Therefore, implementing the method of Claims 1 and 23, and building the system of Claim 12, would have been a predictable and obvious solution to a well-known problem. It was an application of a known technique (anti-virus scanning) to a known and analogous system (a network firewall/proxy) to achieve a predictable result (blocking viruses at the network level).

Obviousness Analysis of Claim 43

Claim 43 describes a method of detecting a virus by running an executable program in a "model" (or virtualized environment) of a second computer and then screening the model for changes indicative of a virus. This is a classic description of what is now known as "sandboxing" or dynamic analysis.

Prior Art Combination:

• US 5,623,600 ("Mata"): As previously noted, Mata, which is explicitly incorporated by reference into the '610 patent, discloses the core of this claim. Mata's abstract describes a method that "includes the step of creating a virtual computer within the computer" and "emulating the execution of at least a portion of the program in the virtual computer" to detect viruses. This directly teaches the concepts of using a model/virtual environment and executing the program within it for screening purposes.

Motivation to Combine:

No combination is necessary, as the core inventive concept of Claim 43 is already substantially taught by the Mata patent. A PHOSITA reading the '610 patent's description of creating a "model of a client computer" (Claim 43) would immediately recognize it as the "virtual computer" taught by Mata. Executing the program within this model to "screen the model for at least one virus" is the same as emulating the program's execution in Mata's virtual computer to detect viruses.

While the '610 patent places this sandboxing technique within the context of a telephone network, the act of performing the sandboxing itself was a known method for virus detection. Applying this known detection method at a different location (in the network rather than on the desktop) does not create a new, non-obvious method of detection. It is merely the use of an old tool in a predictable location.

Summary of Obviousness Findings

The claims of US patent 5,987,610 would have been obvious to a person of ordinary skill in the art as of the February 12, 1998, priority date.

• Claims 1, 12, and 23 are obvious over the combination of well-known network firewall/proxy principles and existing anti-virus scanning software. The motivation to combine these elements was strong: to provide a centralized, more reliable security service to combat the growing threat of viruses being distributed over telephone networks.
• Claim 43 is anticipated or, at a minimum, rendered obvious by US 5,623,600 (Mata), which teaches the core concept of using a virtual machine or "model" to safely execute and analyze a program for viral activity. Placing this known detection technique inside a network is an obvious design choice, not an inventive step.

This finding aligns with the ultimate outcome of the litigation involving this patent, where the claims were invalidated under 35 U.S.C. § 101 for being directed to an abstract idea. The court's reasoning was that filtering content is a long-standing, abstract concept, and applying it to computer viruses using generic computers was not an inventive transformation. This logic parallels the obviousness argument: the implementation of the claims relies on applying conventional technologies in a predictable manner.