Patent 9516048

Obviousness

Combinations of prior art that suggest the claimed invention would have been obvious under 35 U.S.C. § 103.

Active provider: Google · gemini-2.5-pro

As a senior US patent analyst, I will now analyze the obviousness of US patent 9516048 under 35 U.S.C. § 103.

Obviousness Analysis of US Patent 9516048

Standard for Obviousness (35 U.S.C. § 103)

A patent claim is obvious if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art (a "PHOSITA"). This analysis considers the scope and content of the prior art, the differences between the prior art and the claims at issue, and the level of ordinary skill in the pertinent art.

Understanding the Claims of US 9,516,048

The core of US patent 9,516,048 revolves around a method for protecting a network by identifying and quarantining insecure hosts. The key steps recited in the abstract and detailed description include:

  1. Detecting an insecure condition on a host attempting to connect to a network. This detection involves contacting a "trusted computing base" on the host.
  2. Determining the host's state by checking for a "valid digitally signed attestation of cleanliness." This attestation confirms the host is not infected ("infested") and/or has the necessary software patches.
  3. Quarantining the host if no valid attestation is provided. The quarantine mechanism involves re-routing service requests (like web browsing) from the host to a quarantine server.
  4. The quarantine server provides a notification page with remediation information, such as links to download necessary patches or antivirus updates.
  5. Permitting limited communication for the quarantined host to connect to a specific "remediation host" to remedy its insecure condition.
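As an added illustration (not part of the patent or of this analysis), the following Python sketch models the claimed flow: the host's trusted computing base signs a cleanliness statement, the network verifies it, and a host without a valid attestation has its web requests redirected to a quarantine notice while only the remediation host stays reachable. The key, hostnames, URL and patch-level threshold are constructed values, and an HMAC stands in for a TPM signature.

```python
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Constructed demo values: a real deployment would verify a TPM-backed signature
# with the host's public key rather than share an HMAC secret with the host.
ATTESTATION_KEY = b"constructed-demo-key"
REQUIRED_PATCH_LEVEL = 3
QUARANTINE_NOTICE_URL = "http://quarantine.example.invalid/notice"
REMEDIATION_HOST = "patches.example.invalid"


def sign_attestation(statement: dict, key: bytes = ATTESTATION_KEY) -> dict:
    """Host side: the trusted computing base signs its cleanliness statement."""
    body = json.dumps(statement, sort_keys=True).encode()
    return {"statement": statement, "sig": hmac.new(key, body, hashlib.sha256).hexdigest()}


def attestation_is_valid(att: Optional[dict], key: bytes = ATTESTATION_KEY) -> bool:
    """Network side: accept only a correctly signed statement that reports a clean, patched host."""
    if not att or "statement" not in att:
        return False
    body = json.dumps(att["statement"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(att.get("sig", ""))):
        return False  # forged or tampered statement
    st = att["statement"]
    return st.get("infested") is False and st.get("patch_level", 0) >= REQUIRED_PATCH_LEVEL


def admission_decision(att: Optional[dict]) -> str:
    """Claim elements 1 and 2: no valid attestation of cleanliness means quarantine."""
    return "admit" if attestation_is_valid(att) else "quarantine"


def handle_request(decision: str, dest_host: str, is_http: bool) -> Tuple[str, Optional[str]]:
    """Claim elements 3 to 5: enforce the decision on one outbound request from the host."""
    if decision == "admit":
        return ("forward", None)
    if dest_host == REMEDIATION_HOST:
        return ("forward", None)  # limited communication to the remediation host
    if is_http:
        return ("redirect", QUARANTINE_NOTICE_URL)  # web request re-routed to the notice page
    return ("drop", None)  # everything else from a quarantined host is blocked


if __name__ == "__main__":
    clean = sign_attestation({"host": "h1", "infested": False, "patch_level": 4})
    stale = sign_attestation({"host": "h2", "infested": False, "patch_level": 1})
    print(admission_decision(clean), admission_decision(stale), admission_decision(None))
    print(handle_request("quarantine", "www.example.invalid", True))
```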

Analysis of Prior Art and Motivation to Combine

A thorough analysis of the prior art existing before the priority date of September 27, 2004, is required to assess obviousness. While the patent itself does not list its cited prior art, a standard search reveals several key technologies and publications that were well-known in the field of network security at the time. A PHOSITA would have been familiar with concepts such as Network Access Control (NAC), trusted computing, firewalls, and malware remediation techniques.

Let's construct an argument based on a hypothetical combination of prior art references that would have been available before the 2004 priority date.

Hypothetical Prior Art Combination:

  • Reference A: A Network Access Control (NAC) system (e.g., Cisco NAC Framework, publicly discussed in the early 2000s). NAC systems were designed to enforce security policies on devices seeking network access. They could check for the presence of antivirus software, specific OS patch levels, and other security posture attributes. If a device was non-compliant, the NAC system would place it into a restricted "quarantine" network.
  • Reference B: The Trusted Computing Group (TCG) specifications (e.g., TCG Main Specification version 1.1b, published in 2003). The TCG specifications detailed the architecture for a "Trusted Platform Module" (TPM) and a "trusted computing base." A key feature was the ability for the TPM to perform attestations—cryptographically signed statements about the software and hardware state of a machine. A remote party could challenge the machine to provide an attestation to verify its integrity.
  • Reference C: Standard firewall and captive portal technology (widely implemented before 2004). Captive portals were commonly used in public Wi-Fi networks to redirect a user's web browser to an authentication or payment page before granting full network access. This was achieved by intercepting HTTP requests and returning an HTTP redirect to the captive portal's web server.

Motivation to Combine References A, B, and C:

A person having ordinary skill in the art in 2004, such as a network security engineer, would have been motivated to combine these technologies to create a more robust and automated network security system.

  1. Problem: The primary problem addressed by both the patent and the prior art was preventing insecure or infected computers from connecting to a trusted network and spreading malware.
  2. Limitations of Existing Solutions: Standard NAC systems (Reference A) often relied on client-side agents to report the security state. These agents could be compromised or disabled by malware. A PHOSITA would recognize that this self-reporting mechanism had a significant security flaw.
  3. The Obvious Solution: The TCG specifications (Reference B) offered a clear solution to this problem: hardware-rooted trust and cryptographic attestation. A PHOSITA would have seen the TCG's attestation mechanism as a much more secure way to verify a host's state than a simple software agent. It would have been obvious to integrate the trusted attestation from TCG into the policy enforcement framework of a NAC system. The motivation is direct: replace a weak, software-based verification method with a strong, hardware-based one.
  4. Implementing Quarantine: Once the NAC system identified a non-compliant host (either through the old agent method or the new, improved attestation method), it needed to quarantine it. The method of quarantine described in the '048 patent—re-routing a web browser to a notification page—was not novel. This was the standard mechanism of captive portals (Reference C). A PHOSITA tasked with implementing the quarantine feature of the NAC system (Reference A) would naturally turn to the well-known captive portal technique. The motivation is one of using a standard, existing tool to implement a required function. The quarantine server in the patent is functionally identical to a captive portal server, providing information and links for remediation instead of for payment or authentication.

Mapping Combined Art to Patent Claims:

  • Detecting an insecure condition by contacting a trusted computing base (Claim elements 1 and 2): This is directly taught by combining the NAC concept of checking a host's security posture (Reference A) with the TCG's specific mechanism of using a trusted computing base for remote attestation (Reference B). The motivation is to improve the reliability of the security check.
  • Quarantining the host by re-routing a service request (Claim element 3): This is taught by the combination of the NAC system's quarantine function (Reference A) and the standard implementation of that function using captive portal technology (Reference C). The motivation is to use a common and effective method to isolate the user and provide instructions.
  • Serving a quarantine notification page with remediation information (Claim element 4): This is a direct and obvious implementation of the captive portal (Reference C) in a security context. Instead of a login page, the server provides a page with remediation links. This is an obvious design choice, not an inventive step.
  • Permitting communication with a remediation host (Claim element 5): The NAC quarantine VLAN (Reference A) was specifically designed to allow this. The restricted network's firewall rules would be configured to block general internet access but allow connections to specific servers, such as patch management servers (e.g., Windows Update) or antivirus update servers. This was a fundamental feature of NAC quarantine.

Conclusion on Obviousness

The claims of US patent 9516048 would have been obvious to a person of ordinary skill in the art at the time of the invention. The claimed invention represents an integration of three well-known technologies: Network Access Control, Trusted Computing for attestation, and captive portals for browser redirection. A PHOSITA would have been motivated to combine these elements to build a more secure and automated network access system, and would have had a reasonable expectation of success in doing so. The combination addresses the known security weaknesses of earlier NAC systems in a straightforward and predictable manner using the tools and concepts available at the time.

Generated 5/13/2026, 6:46:32 PM