Prior art

An analysis of select prior art cited against U.S. Patent 8,234,705, titled "Contagion isolation and inoculation," reveals several earlier patents that touch upon key concepts of network security, including the quarantining of potentially infected computers. This analysis focuses on the most relevant of the 60 patent citations, examining their contributions to the field and their potential to anticipate the claims of the '705 patent under 35 U.S.C. § 102.

The '705 patent, filed on September 27, 2005, describes a system where a host attempting to connect to a protected network is assessed to determine if it needs to be quarantined. If quarantined, the host is given limited network access, primarily for remediation purposes, such as downloading security patches or updates. Attempts to access other network resources are redirected to a quarantine server that provides information and instructions to the user.

Below is an examination of key prior art and the specific claims of U.S. Patent 8,234,705 they may anticipate.

Key Prior Art Analysis:

1. U.S. Patent 6,804,780 B1: System and method for protecting a computer and a network from hostile downloadables

• Full Citation: US Patent 6,804,780 B1, filed November 7, 1997, and issued October 12, 2004.
• Brief Description: This patent discloses a system for protecting a network from suspicious and hostile "Downloadables" such as Java applets and ActiveX controls. The system uses a security policy to inspect and block malicious content at the gateway, before it can reach the client computer. It describes a method of receiving a downloadable, comparing it against a security policy, and discarding it if the policy is violated.
• Potential Anticipation of Claims: This prior art appears to anticipate the broader concepts within the independent claims of the '705 patent, such as monitoring network traffic and taking protective action. Specifically, it could be argued that it anticipates elements of Claim 1, which recites determining if a host is in an "insecure condition" and, if so, preventing it from sending data to other hosts on the protected network. The '780 patent's method of inspecting and blocking hostile downloadables at the network gateway is a form of identifying an insecure condition and taking preventative measures.

2. U.S. Patent 7,010,807 B1: System and method for virus protection of computers on a local area network

• Full Citation: US Patent 7,010,807 B1, filed April 13, 2001, and issued March 7, 2006.
• Brief Description: This patent describes a system where a firewall or other Internet access module enforces an anti-virus policy for client computers on a LAN. The policy can dictate the frequency of anti-virus software updates. Any computer not in compliance with the policy is denied Internet access. The firewall can also push updates to non-compliant clients to bring them into compliance.
• Potential Anticipation of Claims: This patent is highly relevant to the core claims of the '705 patent. It directly addresses the concept of checking a host's compliance with a security policy and restricting its network access if it fails to comply. The '807 patent's system of denying internet access to non-compliant computers and providing updates strongly anticipates the quarantine and remediation steps outlined in Claim 1 and Claim 15 of the '705 patent. The firewall in the '807 patent acts as a quarantine enforcement point, similar to the system described in the '705 patent.

3. U.S. Patent 5,623,600 A: Virus detection and removal apparatus for computer networks

• Full Citation: US Patent 5,623,600 A, filed September 26, 1995, and issued April 22, 1997.
• Brief Description: This patent details a system for detecting and eliminating viruses on a computer network using FTP and SMTP proxy servers. These servers scan all incoming and outgoing files and messages for viruses before they are transferred. If a virus is detected, the file or message is deleted, preventing it from entering or leaving the network.
• Potential Anticipation of Claims: While an earlier technology, the '600 patent discloses the fundamental concept of inspecting data at the network boundary and preventing the transmission of malicious content. This could be seen as anticipating the element of detecting a threat and taking preventative action as recited in Claim 1 of the '705 patent. The proxy servers in the '600 patent perform a function analogous to the initial security check in the '705 patent.

4. NEC Corporation Publication: "Development of PC Quarantine System"

• Publication Date: Believed to be publicly available before the 2005 filing date of the '705 patent.
• Brief Description: This non-patent literature describes a "PC Quarantine System" designed to prevent insecure PCs from connecting to an enterprise network. The system checks the security level of a PC at the time of connection and, if found to be insecure, places it on a quarantine network with limited access. This restricted network allows the PC to receive necessary security patches and updates to meet the required security level before being granted full network access.
• Potential Anticipation of Claims: This document is exceptionally relevant and likely anticipates the core concepts of the '705 patent's independent claims. It explicitly uses the term "quarantine" and describes a system that performs the same essential functions: checking a host's security status upon connection, isolating non-compliant hosts to a restricted network, and providing remediation resources. This publication could be a strong basis for an invalidity argument against Claim 1 and Claim 15 of the '705 patent, as it describes the entire claimed process.

In conclusion, while U.S. Patent 8,234,705 provides a detailed implementation of a contagion isolation and inoculation system, the fundamental concepts of network security, including the inspection of hosts, quarantining of non-compliant devices, and providing remediation, were well-established in the prior art. The cited references, particularly U.S. Patent 7,010,807 and the NEC "PC Quarantine System" publication, appear to disclose many of the key elements of the '705 patent's independent claims, suggesting a strong potential for anticipation.