Patent 8234705
Obviousness
Combinations of prior art that suggest the claimed invention would have been obvious under 35 U.S.C. § 103.
Active provider: Google · gemini-2.5-pro
Obviousness Analysis of US Patent 8,234,705
This analysis evaluates the patentability of the independent claims of U.S. Patent 8,234,705 ("the '705 patent") in light of prior art, focusing on the standard of obviousness under 35 U.S.C. § 103. The '705 patent, with a priority date of September 27, 2004, describes a method and system for quarantining a host computer that requests access to a protected network.
I. Standard for Obviousness
An invention is considered obvious if the differences between the claimed invention and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art (PHOSITA). An obviousness rejection requires a clear articulation of the reasons why the claimed invention would have been obvious. This involves demonstrating not just that individual elements of the claim existed in the prior art, but that a PHOSITA would have been motivated to combine these elements with a reasonable expectation of success.
II. Person Having Ordinary Skill in the Art (PHOSITA)
For the '705 patent, a PHOSITA would be an individual with a bachelor's degree in computer science, electrical engineering, or a related field, and 2-3 years of professional experience in network administration or network security. This experience would include familiarity with network protocols (TCP/IP), firewalls, routing, and common security threats such as viruses and worms prevalent in the early 2000s.
III. Analysis of Independent Claims
The independent claims (1, 15, and 26) of the '705 patent recite the same core invention. The analysis below focuses on Claim 1 as representative of all three.
Claim 1 Elements:
a) Receiving a request from a host to connect to a protected network.
b) Determining whether the host is required to be quarantined.
c) If so, providing only limited access to the protected network.
d) Redirecting communication attempts from the quarantined host (for non-remediation purposes) to a quarantine system/server.
IV. Prior Art and Motivation to Combine
The concept of network quarantine was a known solution to the problem of infected or non-compliant devices connecting to a network prior to the '705 patent's 2004 priority date. The proliferation of worms like MSBlast and Sobig.F in 2003 created a significant and widely recognized need to verify the security posture of connecting devices, particularly those of remote users.
Microsoft's Network Access Quarantine Control (NAQC)
In 2003, Microsoft introduced a feature in Windows Server 2003 called Network Access Quarantine Control (NAQC). This system was explicitly designed to address the risks posed by remote access clients connecting to a corporate network.
Teaches Elements (a), (b), and (c): Microsoft's white paper on NAQC, published in March 2003, describes a system that intercepts a connection request from a remote access system (element a). It then places the connecting system into a "quarantine with limited access" (element c) until a script can validate its compliance with security policies, such as having the latest patches and antivirus updates (element b). The system was designed to ensure legitimate users complied with policies regarding firewalls, anti-virus software, and security patches.
Motivation for Element (d): While the 2003 descriptions of NAQC focus on running a script to check for compliance, the logical next step for a PHOSITA would be to automate the remediation process for non-compliant machines. A non-compliant user needs a way to fix their system to gain full access. Simply blocking them is counterproductive. The most direct way to facilitate this is to redirect their traffic to a remediation server. This server could host necessary patches and antivirus updates and provide instructions.
The concept of a separate, isolated "quarantine network" where non-compliant PCs are sent for remediation was a known strategy. A paper by NEC Corporation discusses this exact architecture: "The PCs that do not comply with the security policy are isolated in a quarantine network that is configured separately from the backbone network as a countermeasure in support of the security policy." The purpose of this isolation is explicitly for "remediation."
Motivation to Combine:
A PHOSITA in 2004, facing the well-known problem of non-compliant remote devices, would have been highly motivated to combine a system like Microsoft's NAQC with the concept of a dedicated remediation server.
- Problem-Solving: The primary goal of a quarantine system is not just to block, but to securely grant access. If a device is non-compliant, the system must provide a path to compliance. Combining NAQC's quarantine function with a remediation server solves the problem of how to fix a non-compliant machine.
- Predictable Results: Redirecting a non-compliant host's traffic to a server that holds the tools to make it compliant is a straightforward and predictable solution. A PHOSITA would reasonably expect that a quarantined device, when its web traffic is redirected to a server with patches, could download those patches and achieve compliance.
- Efficiency and Automation: Manually remediating every quarantined machine is inefficient. Automating the process by redirecting users to a self-service remediation portal is a common-sense improvement that a PHOSITA would readily envision to reduce administrative burden.
V. Conclusion
The independent claims of the '705 patent appear to be obvious in light of prior art available before September 27, 2004. Systems like Microsoft's NAQC, available in 2003, already taught the core concepts of receiving a connection request, making a quarantine determination, and providing limited access. The concept of a separate quarantine network for the express purpose of remediation was also well-established.
A person having ordinary skill in the art would have been motivated to combine these known elements to create a more efficient and automated system. The motivation would stem from the clear and urgent need to solve the problem of non-compliant machines connecting to a network, a problem highlighted by major worm outbreaks in 2003. The combination of an access control system that quarantines non-compliant hosts with a remediation server to fix them would have been a predictable and logical step to a PHOSITA at the time. Therefore, the independent claims of US Patent 8,234,705 are likely invalid under 35 U.S.C. § 103.
Generated 5/13/2026, 6:47:22 PM