Patent 8271802

Obviousness

Combinations of prior art that suggest the claimed invention would have been obvious under 35 U.S.C. § 103.

Active provider: Google · gemini-2.5-flash

Obviousness Analysis of US Patent 8271802 under 35 U.S.C. § 103

This analysis identifies combinations of prior art references that would render the claims of US patent 8271802 obvious to a person having ordinary skill in the art (PHOSITA) as of the invention's priority date (October 25, 2004).

Important Note on Prior Art Status:
The prior art references, specifically US 2005/0071661 A1 and US 2005/0071676 A1, share the same priority date (October 25, 2004) and common inventorship (Orsini et al.) with US8271802. This strongly suggests they are part of the same patent family (e.g., continuation, divisional, or continuation-in-part applications). If US8271802 validly claims priority to these earlier applications, then these publications would generally not be considered prior art against US8271802 for novelty and non-obviousness purposes, provided the claims are sufficiently supported by the earlier disclosures. However, for the purpose of this exercise, and as instructed, these references will be treated as prior art to demonstrate potential obviousness combinations and motivations, while acknowledging this relationship.

General Motivation for Combination

A PHOSITA in the field of data security and cryptography in 2004 would be keenly aware of the need for robust systems to protect sensitive information (such as user authentication data and cryptographic keys) against unauthorized access and compromise. The common inventorship of the primary cited references (Orsini et al. for US 2004/0073801 A1, US 2005/0071661 A1, US 2005/0071676 A1, and US 6,859,890 B1) indicates a unified inventive effort focused on improving these very aspects. This inherent connection provides a strong, explicit motivation for a PHOSITA to combine elements from these related disclosures to achieve a more comprehensive and secure data handling system. The combination would be driven by the desire to integrate complementary security features, enhance system resilience, and apply best-practice security measures uniformly across all sensitive data types within a trusted environment.

Combination: US 2005/0071661 A1 (Server-Centric Cryptography) in view of US 2005/0071676 A1 (Distributed Data Splitting for Authentication)

This combination represents the most direct and powerful argument for obviousness, as these two references are highly complementary and address core aspects of US8271802.

  • US 2005/0071661 A1 (Orsini et al.) discloses a cryptographic system featuring a "trust engine" that stores cryptographic keys and user authentication data, performs cryptographic functions for users without releasing private keys, and includes a depository, an authentication engine, and a cryptographic engine.
  • US 2005/0071676 A1 (Orsini et al.) describes a secure authentication system that enhances security by splitting sensitive data (specifically, authentication data) into randomized portions and storing these portions in multiple, potentially geographically remote, data storage facilities. Reconstruction of the original data requires portions from multiple locations.

Motivation to Combine:
A PHOSITA would be motivated to combine the secure server-centric cryptographic architecture of '661 with the robust distributed data splitting and storage techniques of '676. The motivation is to enhance the overall security and fault tolerance of the "trust engine" by applying the advanced data splitting and distributed storage methods (taught in '676 for authentication data) to all sensitive data managed by the system, including both user authentication data and cryptographic keys (as handled by '661). This combination directly addresses the problem of protecting highly sensitive assets against single points of compromise, a common and pressing concern in secure system design. The inventors of both patents clearly recognized these problems and provided related solutions.

Obviousness of Independent Claims:

  • Claim 1: A method of securing data comprising:

    • Parsing/splitting data into portions and storing them: Taught by '676, which describes splitting authentication data into independently undecipherable portions and storing them in multiple data storage facilities.
    • Encrypting the data: Taught by '661, which describes cryptographic functions including encryption performed by the trust engine.
    • Reconstituting the data: Implicitly taught by '676, as split data must be reassembled for use.
    • Motivation: A PHOSITA would find it obvious to combine the data splitting and distributed storage mechanism from '676 with the encryption capabilities from '661 to secure any type of data. Applying encryption to the data, either before or after splitting, would be a predictable enhancement to increase the security of the stored portions. The outcome is merely the predictable result of combining known security techniques.
  • Claim 12: A data parser system comprising:

    • Data splitting module, data assembly module, and data storage facilities: Taught by '676 for authentication data.
    • Cryptographic handling module: Taught by '661 for performing cryptographic functions.
    • Motivation: To create a comprehensive secure data handling system, a PHOSITA would integrate the cryptographic processing capabilities of the '661 system with the data splitting, assembly, and distributed storage infrastructure of the '676 system. This combination results in a general "data parser system" capable of securely managing various data types through both splitting and cryptographic operations.
  • Claim 22: A cryptographic system comprising:

    • Depository system for private keys and enrollment authentication data, an authentication engine, a cryptographic engine, and a transaction engine: These core components, including performing cryptographic functions without releasing private keys, are "directly and comprehensively described" in US 2005/0071661 A1.
    • Enhancement by '676: The '676 patent teaches how to securely store sensitive data by splitting it into portions across multiple, potentially remote, storage facilities.
    • Motivation: To improve the security and resilience of the depository system within the cryptographic system of '661, a PHOSITA would readily apply the data splitting and distributed storage methods taught in '676 to the sensitive data (both enrollment authentication data and private cryptographic keys) stored within the '661 depository. This combination provides a desirable and predictable enhancement to data protection by safeguarding against the compromise of any single storage location.
  • Claim 31: A method of facilitating cryptographic functions comprising:

    • Associating a user with keys, receiving/comparing authentication data, and using keys for cryptographic functions without releasing them: Clearly described in US 2005/0071661 A1.
    • Enhancement by '676: The '676 patent provides a method for securely storing the authentication data itself by splitting and distributing it.
    • Motivation: A PHOSITA would integrate the secure storage of authentication data (from '676) into the authentication step of the cryptographic function facilitation method taught in '661. This ensures a more robust and secure authentication process, thereby increasing the overall reliability of the cryptographic functions performed subsequently.
  • Claim 40: An authentication system comprising:

    • Data storage facilities storing portions of enrollment authentication data, and an authentication engine with a data splitting module, a data assembling module, and a data comparator module: US 2005/0071676 A1 "substantially describes" and "directly anticipates" this claim.
    • Motivation: Even if not fully anticipated, a PHOSITA, seeing the authentication system described in '661 and the detailed data splitting/assembly for authentication data in '676, would find it obvious to integrate the specific modular components for splitting, assembling, and comparing authentication data into a comprehensive authentication system. The combination results in a predictable improvement in the security of the authentication system.
  • Claim 46: A cryptographic system comprising:

    • Data storage facilities storing portions of one or more cryptographic keys, and a cryptographic engine with a data splitting module, a data assembling module, and a cryptographic handling module: US 2005/0071661 A1 describes the cryptographic engine and handling of keys. US 2005/0071676 A1 teaches the concept of splitting sensitive data (authentication data) into portions and storing them securely.
    • Motivation: Given that cryptographic keys are highly sensitive data, and '676 teaches a method for securely storing sensitive data by splitting it into portions, a PHOSITA would find it obvious to apply the data splitting and distributed storage techniques of '676 to the cryptographic keys managed by the cryptographic engine of '661. This extension of a proven secure storage method to another type of highly sensitive data (cryptographic keys) is a predictable design choice for enhancing security and reliability, especially within an integrated system from the same inventors.
  • Claim 53: A method of storing data comprising:

    • Receiving data, combining it with random values, creating pairings, and storing these pairings in geographically remote secure data storage facilities: US 2005/0071676 A1 "directly anticipates" this claim.

Secondary Combinations

While the combination of '661 and '676 provides the strongest obviousness arguments, other cited prior art could reinforce or fill minor gaps:

  • US 2004/0073801 A1 (Orsini et al.) and US 6,859,890 B1 (Orsini et al.) both disclose methods and systems for biometric authentication and secure storage of biometric data. These would further strengthen the motivation for securely handling and comparing authentication data, particularly biometrics, as discussed in Claims 22, 31, and 40. The principles of securing authentication data in these references align perfectly with the more advanced splitting techniques taught in '676, and their integration with a cryptographic engine from '661 would be a natural progression.

Conclusion:
The combination of US 2005/0071661 A1 and US 2005/0071676 A1, both by the same inventors and addressing highly related security problems, would render the independent claims of US patent 8271802 obvious to a PHOSITA. The motivation to combine these references stems from the clear desire to integrate complementary security features—specifically, server-centric cryptography with robust, distributed, and split storage of sensitive data—to achieve a more comprehensive, resilient, and secure system for managing authentication and cryptographic functions. This combination would yield predictable improvements in data protection, which is a fundamental goal in the art.

Generated 5/19/2026, 6:50:23 PM