Can you patent a hack? The U.S. Patent and Trademark Office seems to think so. Mirage Networks has been granted patent No. 7,124,197 for its description of techniques such as ARP poisoning to control access to protected network devices.
But ARP poisoning, which lets one host intercept traffic intended for another, isn't a new idea. In fact, it predates Mirage's patent application (filed in 2002) by at least five years, and several NAC (network access control) vendors use it. Now, with patent in hand, Mirage has the power to extract license fees or launch lawsuits. The company says competitors should investigate carefully to ensure they aren't infringing.
Stacey Lum, CEO of InfoExpress, a NAC vendor, isn't worried. He says he believes his product differs enough to insulate InfoExpress from a lawsuit. He suggests the patent validates the importance of NAC. Of course, InfoExpress has patents of its own that Lum hopes to see approved this year.
Mirage's patent is further evidence that the USPTO is seriously flawed. Given that patents must be "nonobvious," does combining ARP poisoning with access control really qualify? The Supreme Court's forthcoming ruling on obviousness in patents (in the case of KSR International v. Teleflex) may cause repercussions across the patent landscape. NAC is supposed to protect against rogue endpoints, but it seems there's little protection against a broken patent office. --Jordan Wiens, [email protected]