Obviousness

Obviousness Analysis of US12231426 under 35 U.S.C. § 103

This analysis aims to identify combinations of prior art references that would render the claims of US patent 12231426 obvious to a person having ordinary skill in the art (POSITA) as of its priority date of October 28, 2015.

Patent US12231426: Contextual and Risk-Based Multi-Factor Authentication

The patent describes a system and method for multi-factor authentication (MFA) that dynamically determines a required verification score based on context and risk associated with a connection request. Users then use a plurality of verification methods to achieve this score and gain access. Key aspects include:

• A multi-dimensional time series data server for monitoring network traffic.
• A directed computation graph module to determine a network traffic baseline and a required verification score.
• Verification methods including sensors, trusted/untrusted parties, video/picture, network monitoring, device ID, and one-time codes.
• The verification score is influenced by factors such as the security level of resources, connection origin, and anomalous behavior.

Prior Art References (from the patent document and previous sections):

The patent itself lists several continuation-in-part applications and a provisional application that serve as prior art for various aspects. These include:

• U.S. patent application Ser. No. 14/925,974, titled "RAPID PREDICTIVE ANALYSIS OF VERY LARGE DATA SETS USING THE DISTRIBUTED COMPUTATIONAL GRAPH," filed on Oct. 28, 2015.
• U.S. patent application Ser. No. 15/237,625, titled "DETECTION MITIGATION AND REMEDIATION OF CYBERATTACKS EMPLOYING AN ADVANCED CYBER-DECISION PLATFORM," filed on Aug. 15, 2016 (though its priority date traces back to earlier applications, the content relevant to cyberattack detection would be pertinent).
• U.S. patent application Ser. No. 15/091,563, titled "SYSTEM FOR CAPTURE, ANALYSIS AND STORAGE OF TIME SERIES DATA FROM SENSORS WITH HETEROGENEOUS REPORT INTERVAL PROFILES," filed on Apr. 5, 2016.
• U.S. Pat. No. 10,742,647 (from Ser. No. 15/790,860, which claims priority to the provisional application 62/574,708 filed Oct. 19, 2017), "CONTEXTUAL AND RISK-BASED MULTI-FACTOR AUTHENTICATION." This seems to be a related patent with a later filing date but earlier provisional priority, and appears to be very similar in subject matter, indicating the concepts were known to the inventors at or before the priority date of the instant patent.

Obviousness Combinations and Rationale:

A POSITA in network security and multi-factor authentication as of October 28, 2015, would have been motivated to combine known elements from various prior art references to arrive at the claimed invention.

Combination 1: Ser. No. 14/925,974 + General MFA Knowledge + Risk-Based Authentication Concepts

• Ser. No. 14/925,974 ("RAPID PREDICTIVE ANALYSIS OF VERY LARGE DATA SETS USING THE DISTRIBUTED COMPUTATIONAL GRAPH"): This reference (filed on the same priority date) discloses a system for rapid predictive analysis of large datasets using a distributed computational graph. This would teach a POSITA the underlying architectural and data processing capabilities for analyzing network traffic data and establishing baselines, as described in US12231426 for its "multi-dimensional time series data server" and "directed computation graph module" (see description of "a system for contextual and risk-based multi-factor authentication" and the method steps (a)-(d) in US12231426). The patent explicitly states that the "multi-dimensional time series data server" monitors and records network traffic data, and the "directed computation graph module" receives this data to determine a network traffic baseline.
• General MFA Knowledge: By 2015, multi-factor authentication was widely used to secure online accounts, employing methods like one-time codes, unique links, and authenticator apps, as acknowledged in the background of US12231426.
• Risk-Based Authentication Concepts: The concept of adjusting authentication requirements based on risk factors (e.g., location, device, anomalous behavior) was a known trend in security to enhance usability while maintaining security. For instance, a system might ask for a second factor only if a login originated from an unusual geographic location or an unrecognized device.

Motivation to Combine: A POSITA would be motivated to combine the robust data analysis and predictive capabilities of Ser. No. 14/925,974 with general MFA and risk-based authentication to create a more intelligent and adaptive security system. The motivation would be to overcome the limitations of traditional MFA, particularly "over-reliance on a single method of delivery" and the need to "dynamically determine the varying amounts of verification needed, based on the context and risks associated with the connection," as explicitly stated as a "need" in US12231426. By using the predictive analysis of network traffic (from Ser. No. 14/925,974) to establish a baseline and detect anomalous activities, the system could dynamically determine a "required verification score" and then prompt for multiple, context-aware verification methods, improving both security and user experience. This directly addresses the problem identified in the background of US12231426.

Combination 2: Ser. No. 15/237,625 + General MFA Knowledge + Risk-Based Authentication Concepts

• Ser. No. 15/237,625 ("DETECTION MITIGATION AND REMEDIATION OF CYBERATTACKS EMPLOYING AN ADVANCED CYBER-DECISION PLATFORM"): This application, filed in August 2016 but likely drawing on earlier priority, discloses a system for detecting and mitigating cyberattacks. This reference explicitly details continuous retrieval and analysis of network traffic data to predict normal usage patterns and identify anomalous activities, such as unusual access attempts or brute-force attacks (see FIG. 2 and accompanying description in US12231426, particularly steps 201 and 205, which are directly related to the cybersecurity functions of business operating system 100). This provides the "cybersecurity functions" mentioned in US12231426 as being used by the server to dynamically determine the required verification score based on whether an access request is anomalous.
• General MFA Knowledge and Risk-Based Authentication Concepts: As discussed above, these were widely known.

Motivation to Combine: A POSITA would be motivated to integrate the sophisticated cyberattack detection capabilities of Ser. No. 15/237,625 with MFA and risk-based authentication. The primary motivation would be to enhance the security of user access by directly tying the authentication strength to the real-time risk assessment derived from network behavior analysis. If the system (drawing from Ser. No. 15/237,625) detects anomalous behavior associated with an access request, it would be obvious to a POSITA to increase the authentication burden, hence requiring a higher "verification score" and more or stronger "plurality of verification methods" as described in US12231426. This combination directly implements the idea of "dynamically determine[ing] a required verification score based at least on the circumstances of the connection... whether the access request is determined to be anomalous using the cybersecurity functions of business operating system 100" (US12231426, description related to server 405).

Combination 3: Ser. No. 15/091,563 + General MFA Knowledge + Diverse Verification Methods

• Ser. No. 15/091,563 ("SYSTEM FOR CAPTURE, ANALYSIS AND STORAGE OF TIME SERIES DATA FROM SENSORS WITH HETEROGENEOUS REPORT INTERVAL PROFILES"): This reference concerns the capture, analysis, and storage of time series data from various sensors. This would provide the technical foundation for integrating diverse sensor data into a system, which is crucial for many of the verification methods listed in US12231426 (e.g., biometric scans via sensors 415a).
• General MFA Knowledge: Basic MFA was already prevalent.
• Diverse Verification Methods: The general concept of using multiple and varied authentication factors was gaining traction to improve security. The patent explicitly lists a "plurality of verification methods" including sensors (biometrics, badge scans), trusted parties, untrusted parties (crowd-sourcing), video/picture, network monitoring, device ID, and one-time codes (415a-g in FIG. 4). While the specific combination might be novel, the individual methods, or at least the idea of leveraging a variety of factors, were generally known or conceptually straightforward in the security domain by 2015.

Motivation to Combine: A POSITA would be motivated to combine the robust sensor data handling of Ser. No. 15/091,563 with MFA principles to enable a broader range of verification options. The motivation would be to create a more resilient MFA system by drawing on a wider array of verifiable attributes, making it harder for an attacker to compromise all factors. For example, knowing that sensor data can be reliably collected and analyzed (from Ser. No. 15/091,563), a POSITA would readily apply this to biometric sensors for authentication, improving the security and flexibility of the MFA system described in US12231426. The idea of using a plurality of verification methods to build up a score would be an obvious way to implement a flexible, risk-adjusted authentication scheme.

Overall Obviousness Rationale:

The core concept of US12231426 is to dynamically adjust MFA requirements based on context and risk, leveraging advanced data analysis of network traffic and diverse verification methods. Many of the building blocks for this invention—robust data analysis, cyberattack detection, handling sensor data, and the general principles of MFA and risk-based authentication—were either present in the cited prior art applications by the same assignee/inventors or were well-known in the field by the priority date.

A POSITA would have found it obvious to combine these known elements to create a more sophisticated and adaptive MFA system. The motivation stems from the recognized "needs" in the art, as articulated within US12231426 itself: to move beyond single-method MFA reliance and to dynamically tailor verification based on real-time risk. The various prior art references provide the specific technical means (e.g., directed computational graphs for baseline determination, network monitoring for anomalous activity, sensor data processing) that a POSITA would integrate into a unified system to achieve this dynamic, risk-based MFA. The overall system, while potentially presenting a more comprehensive solution, largely combines functionalities already described or inherently suggested by the existing body of work from the same inventors and general knowledge in the field.

The fact that US12231426 is a continuation of applications sharing similar titles and subject matter further supports the notion that the inventive concepts evolved from previously disclosed work by the same entity, suggesting that elements were known and incrementally combined or refined.

Therefore, the claims of US12231426 would likely be considered obvious under 35 U.S.C. § 103 given the combinations of the identified prior art references and the clear motivations of a POSITA to address existing shortcomings in MFA by creating more adaptive and context-aware systems.