Obviousness

Obviousness Analysis of US Patent 12218934 under 35 U.S.C. § 103

This analysis assesses the obviousness of US Patent 12218934 ("Contextual and risk-based multi-factor authentication") under 35 U.S.C. § 103, considering the provided patent text and its cited prior art. The patent addresses the problem of over-reliance on a single method of multi-factor authentication (MFA) and the need for a system that dynamically determines verification requirements based on context and risk.

The independent claims of US12218934 are:

• Independent Claim 1 (System Claim): A system comprising a multi-dimensional time series data server (MTSDS) to monitor, record, and serve network traffic data; and a directed computation graph module (DCGM) to receive this data, determine a network traffic baseline, and determine a required verification score for user access based on the baseline. The user then uses a plurality of verification methods to build up the required score to gain access.
• Independent Claim 7 (Method Claim): A method involving steps of monitoring, recording, and serving network traffic data with an MTSDS; receiving this data and determining a network traffic baseline with a DCGM; determining a required verification score based on the baseline; and requiring a user to use a plurality of verification methods to earn enough score for access.

The effective priority date for the core subject matter of US12218934 traces back to at least October 28, 2015, through its chain of priority claims to U.S. patent application Ser. No. 14/925,974.

Identification of Prior Art and Their Teachings

Several prior art references, particularly those within the patent's own family and explicitly incorporated by reference, disclose components and functionalities highly relevant to the present invention:

1. U.S. Pat. No. 10,248,910 (US10248910B2), titled "DETECTION MITIGATION AND REMEDIATION OF CYBERATTACKS EMPLOYING AN ADVANCED CYBER-DECISION PLATFORM," filed on August 15, 2016, and claiming priority back to U.S. patent application Ser. No. 14/925,974 filed on October 28, 2015. This patent describes a system (a business operating system 100) that continuously retrieves and stores network traffic data using a "multidimensional time series data store 120". This system analyzes captured data to predict normal usage patterns and formulate a "continuously evolving baseline network usage profile". It further describes the analysis of network traffic and usage patterns using a "directed computational graph module 155" to detect "anomalous activities" to that baseline.
2. U.S. Pat. No. 10,204,147 (US10204147B2), titled "SYSTEM FOR CAPTURE, ANALYSIS AND STORAGE OF TIME SERIES DATA FROM SENSORS WITH HETEROGENEOUS REPORT INTERVAL PROFILES," filed on April 5, 2016, and also claiming priority to U.S. patent application Ser. No. 14/925,974. This patent details the functionality of a "Multiple dimension time series data store module 120" for receiving and storing streaming data from various sensors, including network service information captures. This directly supports the "multi-dimensional time series data server" component of US12218934.
3. U.S. patent application Ser. No. 14/925,974 (US20170124464A1), titled "RAPID PREDICTIVE ANALYSIS OF VERY LARGE DATA SETS USING THE DISTRIBUTED COMPUTATIONAL GRAPH," filed on October 28, 2015. This application, the earliest priority document, generally describes the use of distributed computational graphs for analyzing large datasets, which underpins the "directed computation graph module" used for baseline determination and anomaly detection.
4. General Knowledge of Multi-Factor Authentication (MFA): The background section of US12218934 explicitly states, "Multi-factor authentication (MFA) is widely used today as an additional verification step often used in conjunction with a traditional login and password as a way to further secure a user's online accounts. MFA methods commonly used today includes one-time use codes sent to a user's mobile device or email, confirming through a uniquely generated link sent to the user, or using authenticator devices and apps that generate a code on-demand". This confirms that the concept of MFA and various verification methods were well-known prior art.
5. General Knowledge of Risk-Based Authentication: Prior to 2015, the concept of adjusting authentication requirements based on the assessed risk of an access attempt (e.g., unusual location, unknown device, access to sensitive resources) was a recognized practice in network security.

Obviousness Combination and Motivation

A person having ordinary skill in the art (PHOSITA) in network security, around the earliest priority date of October 28, 2015, would have found the invention of US12218934 obvious by combining the teachings of:

• US10248910B2 (and its underlying priority applications like US14/925,974 and US10204147B2), which collectively describe a sophisticated system for real-time network traffic monitoring, baseline establishment, and anomaly detection.
• General knowledge of MFA systems and their various verification methods.
• General knowledge of risk-based authentication approaches.

Motivation for Combination:

The motivation for a PHOSITA to combine these prior art elements is explicitly articulated in the "Background of the Invention" section of US12218934: "What is needed is a system that uses a combination of verification methods so that over-reliance on a single, and possibly compromised, method is eliminated. Such a system should be able to dynamically determine the varying amounts of verification needed, based on the context and risks associated with the connection."

Specifically, the motivation would arise from:

1. Enhancing Security through Dynamic Risk Assessment: The network traffic monitoring, baseline analysis, and anomaly detection capabilities described in US10248910B2 provide a robust mechanism for assessing the real-time risk associated with an access request. A PHOSITA would be motivated to integrate this detailed risk assessment into existing MFA processes to strengthen security. If an access attempt deviates from a normal baseline (e.g., unusual origin, time, or resource access patterns), the system should respond with a commensurately higher authentication requirement.
2. Improving User Experience: Conversely, for routine, low-risk access attempts (e.g., a user accessing common resources from a known device within the corporate network during business hours), a PHOSITA would seek to reduce unnecessary authentication friction. By dynamically adjusting the "required verification score" based on a low-risk assessment from the network monitoring system, the user could achieve access with fewer or simpler verification methods, optimizing the user experience without compromising security.
3. Overcoming Limitations of Static MFA: The patent itself highlights the "fault" of "over-reliance on a single method of delivery" in conventional MFA. A PHOSITA, aware of this limitation, would find it obvious to use a "plurality of verification methods" and a "points-based system" where different methods contribute varying "verification points" to achieve a dynamically determined "required verification score". This directly addresses the vulnerability of a single, compromised factor by requiring a combination of factors, potentially of different types and strengths, based on the assessed risk.

Application to Claims 1 and 7:

The elements of Claims 1 and 7, concerning the MTSDS for monitoring network traffic, the DCGM for determining a network traffic baseline, and the subsequent determination of a required verification score, are directly taught or rendered obvious by US10248910B2 and related priority documents. The further step of requiring a user to use a plurality of verification methods to accumulate enough points for access is an obvious application of known MFA principles, enhanced by the dynamic risk assessment provided by the underlying network monitoring and analysis system. The specific verification methods detailed in US12218934 (e.g., biometrics, device ID, one-time codes) are also acknowledged as known in the art.

Therefore, a PHOSITA, faced with the recognized problem of inflexible and potentially insecure MFA systems, would have been motivated to combine the robust network traffic analysis and anomaly detection capabilities available in the prior art (e.g., US10248910B2, US10204147B2, US14/925,974) with existing MFA and risk-based authentication principles to create a system that dynamically adjusts authentication requirements based on real-time contextual and risk factors. This combination would lead to the claimed system and method in US12218934 with a reasonable expectation of success.