Obviousness

Obviousness Analysis under 35 U.S.C. § 103 for US Patent 7224678

An invention is considered obvious under 35 U.S.C. § 103 if the differences between the claimed invention and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art (POSA). This analysis considers the scope and content of the prior art, the differences between the prior art and the claims, the level of ordinary skill in the art, and any secondary considerations of non-obviousness.

For US Patent 7224678, the filing date is 2002-08-12. A person having ordinary skill in the art in this field would have had a strong understanding of wireless local and metropolitan area networks, particularly the IEEE 802.11 standard, and common network security principles.

Prior Art Combinations and Motivations for Obviousness

The prior art identified, particularly WO0137532A2, is remarkably similar to US7224678. The "Prior Art" section notes that WO0137532A2, with an earlier publication date (2001-05-25) and identical inventor and assignee, "appears to directly anticipate all independent claims of US7224678." If this is the case, the claims would be invalid under 35 U.S.C. § 102 (anticipation), which inherently also renders them obvious. However, even if not fully anticipated, the claims would be rendered obvious by combining WO0137532A2 with other foundational prior art, such as the IEEE 802.11 Standard.

Primary Combination: WO0137532A2 and IEEE 802.11 Standard, 1999 Edition

References:

• WO0137532A2 - Wireless network having intrusion detection and related methods (Billhartz, Thomas Jay; Harris Corp.)
• IEEE 802.11 Standard, 1999 Edition - "IEEE Standards for Information Technology—Telecommunications and Information Systems—Local and Metropolitan Area Network—Specific Requirements—Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications"

Motivation to Combine:
A person having ordinary skill in the art (POSA) designing or implementing a wireless intrusion detection system, as described in WO0137532A2, would naturally and necessarily refer to the underlying technical specifications for wireless networks. The IEEE 802.11 Standard is explicitly acknowledged in US7224678 as a foundational document for wireless LAN/MAN protocols, defining the Media Access Control (MAC) layer and Physical Layer (PHY) specifications upon which the claimed invention operates. The intrusion detection methods in both WO0137532A2 and US7224678 rely on monitoring MAC layer anomalies, such as FCS errors, NAV values in RTS/CTS packets, and contention modes. To effectively monitor and interpret these MAC layer elements for intrusion detection, a POSA would directly consult the IEEE 802.11 Standard, which provides the precise definitions, formats, and operational rules for these elements. The motivation is to apply the conceptual intrusion detection techniques described in WO0137532A2 to the practical and standardized framework of an 802.11 wireless network.

Analysis of Independent Claims:

1. Claims 1 and 42 (System and Method for FCS Errors):

   • WO0137532A2 explicitly discloses "monitoring transmissions among the plurality of stations to detect frame check sequence (FCS) errors from a MAC address, and generating an intrusion alert based upon detecting a number of FCS errors for the MAC address exceeding a threshold."
   • A POSA would combine this teaching with the IEEE 802.11 Standard's definition of a Frame Check Sequence (FCS) and MAC addresses within an 802.11 frame, and the standard's mechanism for error detection. The standard provides the necessary details for implementing the FCS error detection taught by WO0137532A2.

2. Claims 12 and 51 (System and Method for Failed Authentications):

   • WO0137532A2 discloses detecting "failed attempts to authenticate MAC addresses, and generating an intrusion alert based upon detecting a number of failed attempts to authenticate a MAC address."
   • The IEEE 802.11 Standard defines the authentication procedures and the use of MAC addresses in wireless networks. A POSA would naturally apply the intrusion detection concept from WO0137532A2 using the specific authentication protocols and MAC address handling detailed in the 802.11 standard.

3. Claims 22 and 59 (System and Method for Illegal NAV Values):

   • WO0137532A2 teaches detecting "illegal NAV value[s] therein and generate an intrusion alert based thereon" by monitoring RTS and CTS packets.
   • The IEEE 802.11 Standard defines the Request To Send (RTS) and Clear To Send (CTS) packets and the Network Allocation Vector (NAV) within them, including their purpose and expected values. A POSA implementing the detection of "illegal" NAV values would necessarily refer to the 802.11 Standard to understand what constitutes a "legal" or permissible NAV value and therefore detect deviations.

4. Claims 30 and 65 (System and Method for Contention-Free Mode Operation Outside CFP):

   • WO0137532A2 describes detecting "contention-free mode operation outside of a CFP" for intrusion detection.
   • The IEEE 802.11 Standard clearly defines "contention-free mode" and "Contention-Free Periods (CFPs)" as operational modes for wireless stations. A POSA would combine these references to monitor for instances where a station operates in a mode that contradicts the network's established CFP schedule, as defined by the standard.

5. Claims 36 and 69 (System and Method for Contention Mode Operation During CFP):

   • WO0137532A2's disclosure of detecting "contention-free mode operation outside of a CFP (or vice versa)" covers detecting contention mode operation during a CFP.
   • As with the previous point, the IEEE 802.11 Standard explicitly defines "contention mode" and "CFPs." A POSA would use the standard's definitions to identify and flag contention mode activity during a period designated for contention-free operation, based on the intrusion detection principle taught by WO0137532A2.

Secondary Combination: US6526053B1 and IEEE 802.11 Standard, 1999 Edition

References:

• US6526053B1 - Method and system for managing wireless local area network security (Ramaswamy et al.)
• IEEE 802.11 Standard, 1999 Edition

Motivation to Combine:
US6526053B1 teaches a system for managing WLAN security by monitoring client event logs and configuration information to identify abnormal events, such as "unauthorized MAC addresses" and "multiple clients using the same MAC address". A POSA concerned with enhancing wireless network security, as addressed by US6526053B1, would be motivated to leverage the detailed MAC layer protocols defined in the IEEE 802.11 Standard. The motivation is to implement the general security monitoring taught by US6526053B1 by drawing upon the specific technical mechanisms of an 802.11 network.

Analysis of Relevant Aspects (e.g., Failed Authentications, MAC Address Collisions):

• Claims 12 and 51 (Failed Authentications): US6526053B1's concept of identifying "unauthorized MAC addresses" and de-authenticating clients directly implies monitoring authentication attempts. A POSA would find it obvious to apply this monitoring to detect failed authentication attempts, using the 802.11 standard's authentication process. This combination would lead to the generation of an alert upon detecting a threshold number of such failures, an obvious design choice for a security system.
• Disclosed Embodiments (e.g., FIG. 10 / Method Block 202 for Collisions of same MAC address): US6526053B1 explicitly teaches detecting "multiple clients using the same MAC address" as an abnormal event for security management. This directly addresses the concept of detecting collisions of a same MAC address as described in US7224678. The IEEE 802.11 Standard defines how MAC addresses are used in the network, providing the context for detecting such collisions.

Conclusion

Given the comprehensive disclosure in WO0137532A2, which largely mirrors the independent claims of US7224678, in combination with the foundational teachings of the IEEE 802.11 Standard, all independent claims (1, 12, 22, 30, 36, 42, 51, 59, 65, 69) of US7224678 would have been obvious to a person having ordinary skill in the art at the time of the invention. The motivation for combining these references is clear: to apply known intrusion detection principles (from WO0137532A2 and general network security as exemplified by US6526053B1) to the specific, standardized operational framework of IEEE 802.11 wireless networks.