Patent 7519814
Prior art
Earlier patents, publications, and products that may anticipate or render the claims unpatentable.
Active provider: Google · gemini-2.5-pro
Analysis of Prior Art Cited in U.S. Patent 7,519,814
This section details the prior art references cited by the examiner during the prosecution of U.S. Patent 7,519,814. For each reference, this analysis provides the citation, relevant dates, a brief description of the disclosed technology, and an assessment of which claims in the '814 patent it could potentially anticipate under 35 U.S.C. § 102.
The '814 patent has a priority date of September 15, 2003. Therefore, any reference published or filed before this date constitutes prior art.
1. U.S. Patent 5,944,781
- Full Citation: US Patent 5,944,781, "Method and system for providing an isolated computing environment within a computer system"
- Inventors: Murray, et al.
- Filing Date: June 25, 1997
- Publication (Issue) Date: August 31, 1999
- Brief Description: This patent describes a system for creating isolated computing environments, termed "virtual machines," on a single computer. Each virtual machine has its own set of resources, including a separate file system and network address, effectively isolating it from other virtual machines on the same host. It focuses on partitioning a single system to run multiple isolated environments concurrently, managed by a host operating system.
- Potential Anticipation of Claims:
  - Claims 1 & 2: This reference appears highly relevant. It discloses creating isolated environments for applications with their own files. The concept of providing a unique identity (like a network address) to an isolated environment is also present, which maps to the "unique identity" element of claim 2. However, the '814 patent specifically claims a "container" that excludes a kernel and utilizes the local kernel of the server. The key distinction would be whether Murray's "virtual machine" requires a full guest operating system, including its own kernel, for each isolated environment. The '814 patent's innovation lies in sharing the host kernel. If Murray's system necessitates a separate kernel for each partition, it would not fully anticipate the claims of the '814 patent.
2. U.S. Patent 6,078,924
- Full Citation: US Patent 6,078,924, "Firewall system for providing Internet service to a virtual private network"
- Inventors: Ainsworth
- Filing Date: June 10, 1997
- Publication (Issue) Date: June 20, 2000
- Brief Description: Ainsworth describes a firewall system that manages network traffic for virtual private networks (VPNs). It details methods for associating network policies and IP addresses with specific groups of users or applications to securely partition network access. The focus is on network-level isolation and security rather than application execution environments.
- Potential Anticipation of Claims:
  - Claim 2: This reference is relevant to the "unique identity" aspect of claim 2, particularly the association of a unique IP address with a set of applications. It teaches isolating network identities. However, it does not describe the core concept of the '814 patent: a kernel-less container that packages an application with its own set of system files to be used in place of the host's files. The Ainsworth patent is focused on network security policy and not on application virtualization or containerization. Therefore, it is unlikely to anticipate either claim 1 or the entirety of claim 2.
3. U.S. Patent 6,397,242 B1
- Full Citation: US Patent 6,397,242 B1, "Method for virtualizing resources in a computer system"
- Inventors: Devine, et al.
- Filing Date: October 29, 1999
- Publication (Issue) Date: May 28, 2002
- Brief Description: This patent, assigned to VMware, Inc., is a foundational text on virtual machine technology. It discloses a method where a virtual machine monitor (VMM) or "hypervisor" intercepts system calls and manages access to hardware resources for multiple guest operating systems. Each guest OS runs in its own isolated virtual machine and believes it has exclusive control over the hardware.
- Potential Anticipation of Claims:
  - Claims 1 & 2: This reference is a strong piece of prior art for the concept of virtualizing and isolating computer environments. The VMM's role in intercepting calls is analogous to the "run time module" in claim 2. However, the '814 patent explicitly distinguishes its invention from this type of virtual machine technology in its background section, stating, "The key difference between the Virtual Machine approach and the approach described herein is that in the former an operating system, including files and a kernel, must be deployed for each application while the latter only requires one operating system..." The '242 patent describes a system where each virtual machine requires its own full operating system, including a kernel. Because the claims of the '814 patent specifically recite that the container excludes a kernel, this reference does not directly anticipate them.
4. U.S. Patent Application Publication 2002/0188708 A1
- Full Citation: US 2002/0188708 A1, "System and method for supporting multiple isolated user environments on a single host computer"
- Inventors: Wookey, et al.
- Filing Date: June 14, 2001
- Publication Date: December 12, 2002
- Brief Description: This publication describes a system for hosting multiple "virtual environments" on a single server. It details a method for creating isolated file systems and process spaces for different applications or users. The system redirects file system calls from an application to a private, per-environment directory, effectively isolating its view of the file system. It also discusses managing unique identities for these environments.
- Potential Anticipation of Claims:
  - Claims 1 & 2: This reference is highly relevant and potentially the closest prior art. It teaches creating multiple isolated environments on a single host and providing each with a private file system view. The concept of redirecting system calls to achieve isolation is similar to the '814 patent's "run time module" that intercepts system calls. The crucial question for anticipation is whether Wookey's "virtual environment" is kernel-less and utilizes the host kernel, and whether it explicitly teaches packaging system files (like libraries) with the application for use in place of the host's system files. If Wookey's system provides this level of file system virtualization and shares the host kernel, it could be argued to anticipate key elements of both independent claims.
5. "A Multi-User, Secure UNIX" by J.P.L. Woodward
- Full Citation: Woodward, J.P.L. "A Multi-User, Secure UNIX." The Radio and Electronic Engineer, Vol. 52, No. 1, Jan. 1982.
- Publication Date: January 1982
- Brief Description: This academic paper discusses early methods for enhancing the security and isolation of multi-user UNIX systems. It explores techniques for restricting user access to files and system resources to prevent interference between different users on the same machine. The focus is on security hardening of a traditional time-sharing operating system.
- Potential Anticipation of Claims:
  - Claims 1 & 2: This reference describes the general goal of isolation but from a security perspective within a monolithic OS. It does not teach the concept of a portable, self-contained "container" that packages an application with its own specific system file dependencies and has its own unique network identity. The methods described are tied to the host operating system's user management and do not involve creating a virtualized, transportable application environment. Therefore, it is unlikely to anticipate the claims.
Summary of Prior Art Relevance:
The most relevant prior art references are U.S. Patent 5,944,781 (Murray) and U.S. Patent Application 2002/0188708 A1 (Wookey). Both disclose systems for creating isolated computing environments with private resources. The critical distinguishing feature of U.S. Patent 7,519,814 appears to be the specific claim limitation that the "container" is kernel-less and that the system files within the container are utilized in place of the host system's files, all while sharing the single host OS kernel. The VMware patent ('242) is explicitly distinguished by its reliance on a separate kernel for each virtual machine. The strength of the '814 patent against an anticipation challenge would hinge on whether prior art like Wookey's truly teaches this specific architectural approach to application virtualization, now commonly understood as OS-level virtualization or containerization.
Generated 5/14/2026, 12:46:30 PM