Patent 7519814

Obviousness

Combinations of prior art that suggest the claimed invention would have been obvious under 35 U.S.C. § 103.

Active provider: Google · gemini-2.5-pro

Analysis of Obviousness for U.S. Patent 7,519,814

Date of Analysis: May 14, 2026
Patent: US 7,519,814 B2
Title: System for containerization of application sets
Priority Date: September 15, 2003

This analysis examines the obviousness of the independent claims of US Patent 7,519,814 in light of prior art existing before its priority date of September 15, 2003, pursuant to 35 U.S.C. § 103.

A Person Having Ordinary Skill in the Art (PHOSITA) at the time of the invention would be a systems administrator or operating systems developer with several years of experience in Unix-like operating systems (e.g., BSD, Linux, Solaris), including knowledge of system virtualization, application deployment, and network services management.

The claims of the '814 patent are rendered obvious by a combination of prior art technologies that were well-established and widely understood before the priority date. The primary teaching is found in FreeBSD Jails, first released with FreeBSD 4.0 on March 14, 2000. Secondary teachings related to system call interception and software packaging practices were also common knowledge.

Prior Art: FreeBSD Jails (Released March 2000)

FreeBSD Jails provided a robust form of operating system-level virtualization, a significant advancement over the older chroot utility. By 2003, a PHOSITA would have been aware of the following capabilities of FreeBSD Jails:

  1. Filesystem and Process Isolation: A jail confines processes to a specific directory subtree, preventing them from accessing or affecting files and processes outside the jail. This directly teaches the concept of a "secure" and "mutually exclusive" environment as described in the '814 patent. Jails were created to establish a "clean, clear-cut separation" between services for security and ease of administration.
  2. Kernel Sharing, Not Duplication: Processes within a jail run on the host system's single, shared kernel. This directly teaches the claimed invention's central feature of creating a "container" that "exclud[es] a kernel" and "utiliz[es] a kernel resident on the server."
  3. Unique Network Identity: A key feature of FreeBSD Jails was the ability to assign a unique IP address to each jail. This provided network-level isolation, allowing multiple jails on one machine to run the same service (e.g., a web server on port 80) without conflict. This directly teaches the claim 2 limitation of providing each container with its "own unique identity associated therewith, said identity comprising at least one of an IP address."
  4. Self-Contained Userland: To function, a jail required a complete set of userland files, including system libraries and configuration files, to be placed within its directory subtree. A PHOSITA would understand that to run an application inside a jail, all of its dependencies (executables, libraries, config files) must be present inside the jail's root path. This directly anticipates the concept of packaging an application with its "set of associated system files required to execute the one or more applications."

Combination of Prior Art and Motivation

A PHOSITA would have been motivated to combine the established features of FreeBSD Jails with other well-known techniques to arrive at the invention claimed in the '814 patent.

1. Combination of FreeBSD Jails and Standard Dependency Management

  • Prior Art: FreeBSD Jails and the common practice of resolving application dependencies by co-locating required libraries and configuration files.
  • Obviousness of Claim 1: Claim 1 describes packaging an application with its required "system files" into a container, where those files are used in place of the host's system files. A PHOSITA facing a common "dependency hell" problem—where two applications in different jails require different versions of a shared library—would find it obvious to solve this by simply copying the specific, required version of that library into each jail's respective file system. This was a standard procedure for making a chroot or jail environment functional. The motivation is direct: to make the application run correctly and be independent of the host's specific library versions. Combining this standard practice with the isolation provided by FreeBSD Jails directly yields the method described in Claim 1.

2. Combination of FreeBSD Jails and System Call Interposition

  • Prior Art: FreeBSD Jails and the well-documented technique of "system call interposition" (also known as interception or tracing). System call interposition was a known method used for security, monitoring, and debugging applications before 2003. Tools and research papers explicitly discussed intercepting system calls to "monitor and regulate" an application's interactions with the operating system.
  • Obviousness of Claim 2: Claim 2 adds the limitations of a unique identity (including hostname and MAC address) and a "run time module for monitoring system calls" to "provide control" over applications, a process the patent calls "spoofing."
    • Motivation: A PHOSITA seeking to enhance the isolation of a FreeBSD jail would recognize its limitations. While a jail could have its own IP address, it would still report the host system's hostname by default. To create a more complete virtual environment, an application inside the jail would need to see its own hostname.
    • The Obvious Solution: The most direct and well-known method to achieve this was to intercept the system call that requests the hostname (e.g., uname()) and return a custom, jail-specific value instead of the true kernel value. This technique of providing false, or "spoofed," information via an interposing module was a clear application of existing system call interception technology to solve a known limitation in jail-based virtualization. This directly teaches the "run time module" and its "spoofing" function as claimed. Extending this principle from hostname to other identifiers like a MAC address would be a trivial and obvious step for a PHOSITA.
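The interposition described above, sketched as an added example (not code from the patent, the cited prior art, or this analysis): a library-level replacement for uname() that reports a per-container hostname while leaving the kernel's other fields intact. It assumes Linux with a dynamically linked libc, and the environment variable CONTAINER_HOSTNAME is a hypothetical name chosen for the illustration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <sys/utsname.h>

/* Hypothetical variable carrying the per-container hostname. */
#define IDENTITY_ENV "CONTAINER_HOSTNAME"

/* Query the kernel directly, bypassing the libc wrapper replaced below. */
static int real_uname(struct utsname *buf)
{
    return (int)syscall(SYS_uname, buf);
}

/* Same prototype as libc's uname(); the dynamic linker resolves callers
 * to this definition first when it is preloaded or linked into the program. */
int uname(struct utsname *buf)
{
    int rc = real_uname(buf);
    if (rc != 0)
        return rc;                       /* errno already set by syscall() */

    const char *name = getenv(IDENTITY_ENV);
    if (name != NULL && *name != '\0') {
        size_t n = strlen(name);
        if (n >= sizeof buf->nodename)   /* truncate, keep NUL terminator */
            n = sizeof buf->nodename - 1;
        memcpy(buf->nodename, name, n);
        buf->nodename[n] = '\0';
    }
    return 0;                            /* other fields stay the host's */
}

int main(void)
{
    struct utsname host, seen;
    setenv(IDENTITY_ENV, "app-container-1", 1);   /* constructed sample value */
    if (real_uname(&host) != 0 || uname(&seen) != 0)
        return 1;
    printf("kernel reports: %s\napplication sees: %s\n",
           host.nodename, seen.nodename);
    return 0;
}
```

A statically linked program, or one that issues the system call directly as real_uname() does here, never reaches a library-level shim, so this form of interposition virtualizes identity for cooperating applications and is not an isolation boundary.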

Conclusion

The independent claims of US Patent 7,519,814 describe a system that is a logical and obvious combination of pre-existing technologies. FreeBSD Jails, publicly available and documented more than three years before the patent's priority date, taught the core concepts of an isolated, kernel-less environment with its own filesystem and unique IP address. The motivation to solve known problems, such as library version conflicts and incomplete environment virtualization (e.g., shared hostnames), would have led a PHOSITA to the obvious solutions of bundling specific application dependencies within the jail and using system call interposition to virtualize other system identifiers. Therefore, the claimed invention would have been obvious to a person having ordinary skill in the art at the time the invention was made.

Generated 5/14/2026, 12:46:41 PM