Patent 8543710

Obviousness

Combinations of prior art that suggest the claimed invention would have been obvious under 35 U.S.C. § 103.

Obviousness Analysis (35 U.S.C. § 103)

The obviousness of US Patent 8,543,710's independent claims (1, 8, and 15) is analyzed by combining teachings from the identified prior art references: US20030055994A1 (Zone Labs), US6219706B1 (Cisco), and US6636894B1 (Nomadix). A person having ordinary skill in the art (POSITA) at the time of the invention (priority date March 10, 2004) would have been motivated to combine these references to achieve a more comprehensive and user-friendly network quarantine and remediation system.

Due to the structural similarity of the independent claims, the analysis will focus on Claim 1 (method claim), and the conclusions will apply equally to Claim 8 (computer program product) and Claim 15 (network access gateway device).

Combination: Zone Labs (US20030055994A1) + Cisco (US6219706B1) + Nomadix (US6636894B1)

Claim 1 Breakdown and Prior Art Mapping:

1. "at a network access gateway device between a local network and the Internet,"
* Cisco (US6219706B1): Discloses the use of "network devices like routers" for "controlling access to network resources," which inherently describes a network access gateway.
* Nomadix (US6636894B1): Explicitly describes a "network access gateway" that manages client access to an outside network.
* Rationale: Both Cisco and Nomadix clearly teach the operation of a gateway device between a local network and a broader network like the Internet.

2. "selecting a client device in a first network segment of the network;"
* Zone Labs (US20030055994A1): Teaches "identifying compromised client machines" and subsequently "enforcing security policies across a network" on these identified devices. This process directly involves selecting a client device for special handling.
* Rationale: Zone Labs provides the motivation and mechanism for identifying and selecting a client device based on its behavior (e.g., malware infection).

3. "performing a plurality of quarantine control functions over the client device, wherein the plurality of quarantine control functions comprises:"
* Zone Labs (US20030055994A1): Teaches "limiting their network access to protect other machines or prevent the spread of infection" from compromised clients. This directly encompasses the general concept of "quarantine control functions."
* Motivation: A POSITA, having identified a compromised client using Zone Labs's teachings, would be motivated to perform "quarantine control functions" to mitigate the threat, as clearly articulated by Zone Labs.

a) "restricting all network traffic emanating from the client device to one or more network destination addresses that are not in or subordinate to the first network segment;"
* Cisco (US6219706B1): Discloses using "access control lists (ACLs) on network devices like routers" to "filter network traffic based on various criteria, including source/destination IP addresses." This effectively restricts traffic to specified network destination addresses.
* Motivation: To implement the "limiting network access" described by Zone Labs for a quarantined client, a POSITA would readily apply well-known network filtering technologies, such as Cisco's ACLs, to restrict outbound traffic to a predefined set of "safe" external destinations. This is a standard practice for creating a "walled garden" for security purposes, confining a potentially malicious client to non-threatening network resources (e.g., update servers).

b) "restricting all network traffic emanating from the client device to an allowed network destination address to selected one or more network protocols; and"
* Cisco (US6219706B1): Teaches using "ACLs to filter network traffic based on various criteria, including... specific protocols/ports." This directly restricts traffic to selected network protocols.
* Motivation: Extending the quarantine control, a POSITA would also be motivated to restrict the types of network protocols allowed, even to the permitted "safe" destinations. For instance, allowing only HTTP/HTTPS for downloading patches while blocking other potentially harmful protocols (e.g., FTP, P2P) would be a logical and obvious step to enhance security and further constrain the compromised client, using standard firewall/ACL capabilities as taught by Cisco.

4. "rendering a web page to display on the client device from the network access gateway device, wherein the web page contains an offer for a user of the client device to perform an action in order to obtain unrestricted access to the Internet responsive to implementation of one of the plurality of quarantine control function of the client device."
* Nomadix (US6636894B1): Discloses a "network access gateway that intercepts traffic from client devices and redirects initial web requests to a specific web server... to display an informational or authentication page." This page "offers choices of action (e.g., login, payment) before full, unrestricted network access is granted."
* Motivation: After implementing the quarantine (as enabled by Zone Labs and Cisco), a POSITA would be motivated to integrate Nomadix's user notification and remediation mechanism. Simply blocking traffic without explanation leads to user frustration and increased support burden. Nomadix provides a solution for communicating with the user through a gateway-rendered web page, informing them of their restricted status and offering specific actions (e.g., running a scan, applying a patch from an allowed "walled garden" destination) to regain full internet access. This improves the usability and effectiveness of the quarantine system by providing a self-service path to resolution.
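The claim elements mapped above describe a concrete gateway behaviour: select a client, confine it with a destination restriction (a walled garden outside its own segment) and a protocol restriction, intercept its web requests with a remediation page, and re-evaluate it after the offered action (the step the dependent claims 3, 10 and 17 add). The following Python model of that lifecycle is an added illustration, not code from the patent, from Zone Labs, Cisco or Nomadix, or from this page; the segment 192.168.10.0/24, the walled-garden network 203.0.113.0/24, the portal URL, and the class and method names are constructed placeholders.

```python
"""Illustrative model of the gateway-side quarantine described in claim 1.

Added example, not code from the patent, the cited prior art, or this page.
All addresses, networks and URLs are constructed placeholders.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import FrozenSet, Set, Tuple

Flow = Tuple[str, str, str, int]  # (src_ip, dst_ip, protocol, dst_port)

# Constructed topology: the client's own ("first") segment, the walled garden of
# pre-approved external hosts (patch/AV servers, resolver, portal), and the
# protocols a quarantined client may still use toward those hosts.
FIRST_SEGMENT = ip_network("192.168.10.0/24")
WALLED_GARDEN = frozenset({ip_network("203.0.113.0/24")})
ALLOWED_PROTOCOLS = frozenset({("tcp", 80), ("tcp", 443), ("udp", 53)})
REMEDIATION_URL = "http://203.0.113.10/quarantine"  # hypothetical portal


@dataclass
class QuarantineGateway:
    """Network access gateway sitting between the local segment and the Internet."""
    first_segment: IPv4Network = FIRST_SEGMENT
    walled_garden: FrozenSet[IPv4Network] = WALLED_GARDEN
    allowed_protocols: FrozenSet[Tuple[str, int]] = ALLOWED_PROTOCOLS
    quarantined: Set[IPv4Address] = field(default_factory=set)

    def quarantine(self, client_ip: str) -> None:
        """Select a client in the first segment for quarantine control."""
        self.quarantined.add(ip_address(client_ip))

    def release(self, client_ip: str) -> None:
        self.quarantined.discard(ip_address(client_ip))

    def _in_walled_garden(self, dst: IPv4Address) -> bool:
        return any(dst in net for net in self.walled_garden)

    def decide(self, flow: Flow) -> str:
        """ACL-style verdict for one flow: ALLOW, DROP or REDIRECT."""
        src, dst, proto, dport = flow
        src_ip, dst_ip = ip_address(src), ip_address(dst)
        if src_ip not in self.quarantined:
            return "ALLOW"  # unrestricted client, no quarantine functions apply
        # (a) Destination restriction: nothing inside (or subordinate to) the
        #     client's own segment, so it cannot reach its neighbours.
        if dst_ip in self.first_segment:
            return "DROP"
        if not self._in_walled_garden(dst_ip):
            # Nomadix-style interception: a plain web request to any other
            # destination is redirected to the gateway's remediation page.
            if (proto, dport) == ("tcp", 80):
                return "REDIRECT"
            return "DROP"
        # (b) Protocol restriction: even walled-garden hosts are reachable
        #     only over the selected protocols/ports.
        return "ALLOW" if (proto, dport) in self.allowed_protocols else "DROP"

    def render_quarantine_page(self, client_ip: str) -> str:
        """Web page served on REDIRECT; it offers an action that restores access."""
        return (
            "<html><body><h1>Network access restricted</h1>"
            f"<p>Device {client_ip} has been quarantined.</p>"
            f"<p>Run the scanner from <a href='{REMEDIATION_URL}'>"
            f"{REMEDIATION_URL}</a>, then click Re-check to restore "
            "unrestricted Internet access.</p></body></html>"
        )

    def evaluate_after_scan(self, client_ip: str, scan_clean: bool) -> bool:
        """Re-evaluate the client after remediation; release it only if clean."""
        if scan_clean:
            self.release(client_ip)
            return True
        return False


if __name__ == "__main__":
    gw = QuarantineGateway()
    gw.quarantine("192.168.10.5")
    for sample in [("192.168.10.5", "192.168.10.20", "tcp", 445),
                   ("192.168.10.5", "203.0.113.10", "tcp", 443),
                   ("192.168.10.5", "203.0.113.10", "tcp", 21),
                   ("192.168.10.5", "198.51.100.7", "tcp", 80)]:
        print(sample, "->", gw.decide(sample))
```

The destination check uses subnet containment, so any subnet subordinate to the first segment is covered without a separate rule; the protocol check is applied only after the destination check, which is the ordering the two claim elements describe. Real gateways would also need the portal host itself and a resolver inside the walled garden, which is why DNS to the walled garden is in the allowed set here.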

Motivation for Combination:

A POSITA would be motivated to combine the teachings of these references to create a comprehensive and effective network security solution for managing compromised client devices.

  1. Zone Labs provides the "why" and "what": It highlights the problem of aberrant client behavior (e.g., malware infection) and the need for a system to "detect and limit abnormal or abusive use of network resources" through measures like "limiting their network access." This establishes the primary motivation for developing a quarantine system.
  2. Cisco provides the "how" for technical enforcement: Given the need to limit network access, a POSITA would naturally turn to established and flexible network access control technologies, such as the ACLs described by Cisco, to implement the necessary destination and protocol restrictions at the network gateway. This is a logical application of existing network security tools to address the problem identified by Zone Labs.
  3. Nomadix provides the "how" for user interaction and remediation: Once a client is quarantined, a purely restrictive approach is often insufficient. Nomadix offers a well-known method for a gateway to interact with users, providing information and offering a path to re-establish full access. A POSITA would be motivated to integrate this user-facing component into the quarantine system to guide users toward resolving their issues (e.g., by directing them to anti-virus sites within the permitted "walled garden") and thus expedite their return to unrestricted network access, improving both security and user experience.

Therefore, combining these references would not have required undue experimentation or inventiveness but rather a straightforward application of known techniques to address a recognized problem in network security.

Obviousness of Dependent Claims (2-7, 9-14, 16-20)

Since the independent claims (1, 8, 15) are rendered obvious by the combination of Zone Labs, Cisco, and Nomadix, their dependent claims would also be obvious. The dependent claims merely add conventional details or elaborations that a POSITA would readily implement in such a system:

  • Claims 2, 9, 16 (Action requires abnormal behavior scanning software): Zone Labs already teaches detecting abnormal behavior and mentions "malicious software." Requiring a user to obtain and execute scanning software (e.g., from an allowed destination in the walled garden) to resolve abnormal behavior is a common and obvious remediation step.
  • Claims 3, 10, 17 (Evaluating network traffic after scanning/mitigation): It is an obvious and necessary step in a quarantine system to re-evaluate a client's network traffic after remedial actions to determine if unrestricted access can be restored.
  • Claims 4, 11, 18 (Filtering network traffic to limit packet flow): This is explicitly taught by Cisco's use of ACLs for traffic filtering.
  • Claims 5, 12, 19 (Routing network traffic to limit packet traversal): Network routing technologies are a well-known alternative or complementary means to limit packet traversal, and a POSITA would readily apply them in conjunction with filtering for comprehensive control, as generally discussed in the patent's description regarding network firewall, traffic filtering, and routing technologies.
  • Claims 6, 13, 20 (Restricting traffic to network destination addresses in network segments not in or subordinate to the first network segment): This merely clarifies the "walled garden" concept and is an inherent aspect of directing traffic to external, pre-approved destinations as taught by Cisco or Ludvig in the context of network access control.
  • Claims 7, 14 (Performing all of the plurality of quarantine control functions): If the individual functions are obvious, performing all of them together as a robust quarantine system would also be obvious.

Conclusion

The combination of US20030055994A1 (Zone Labs), US6219706B1 (Cisco), and US6636894B1 (Nomadix), with clear motivations for a POSITA to combine their teachings, would render all claims of US Patent 8,543,710 obvious under 35 U.S.C. § 103. These references collectively disclose or suggest all the elements of the independent claims, and a POSITA would have been motivated to combine them to create a functional, comprehensive, and user-interactive network quarantine and remediation system.

Generated 5/26/2026, 1:09:12 AM