Obviousness

For an invention to be patentable in the United States, it must be non-obvious under 35 U.S.C. § 103. This means that the differences between the claimed invention and the prior art must be such that the claimed invention as a whole would not have been obvious at the time the invention was made to a person having ordinary skill in the art (PHOSITA) to which the claimed invention pertains. The obviousness analysis involves considering the scope and content of the prior art, the differences between the prior art and the claims, the level of ordinary skill in the pertinent art, and secondary considerations of non-obviousness.

US patent 9135456 describes a "Secure data parser method and system." The core of the invention involves securing data by parsing and splitting it into multiple portions, which are then stored or communicated distinctly. Encryption of the original data, the portions, or both, may be used for additional security. The system also includes a "trust engine" that stores cryptographic keys and user authentication data, performing cryptographic functions without releasing the actual keys to users.

Based on the provided information, the following combinations of prior art references could potentially render claims of US9135456 obvious:

1. Combination of general data security techniques (encryption, splitting) with secure server-centric key management:

• Prior Art: The concept of protecting data by transforming it into an unreadable format (encryption) is a fundamental aspect of cryptography. Public key systems using a public and private key pair are also well-established.- The patent itself states that "Cryptography in general, refers to protecting data by transforming, or encrypting, it into an unreadable format." Additionally, the idea of splitting data into two or more parts or portions for security is explicitly mentioned as an aspect of the present invention, implying a recognition of its general utility.
• Combination: A PHOSITA, aware of general cryptographic practices including encryption and data splitting, would be motivated to combine these techniques with a secure, server-centric key management system. The patent highlights the drawbacks of traditional key management, such as "key migration" and inadequate security with simple login/password access, which often exposes private keys.- A trust engine that stores cryptographic keys and user authentication data on a server, and performs cryptographic functions without releasing the keys, directly addresses these known problems., This combination would be a logical step to enhance data security by centralizing key management and preventing key exposure, which are recognized problems in the field.

Motivation for Combination: The motivation would stem from the desire to overcome the recognized security vulnerabilities associated with user-controlled or less-secure key storage. By combining the known techniques of data parsing/splitting and encryption with a robust, server-side key management system, a PHOSITA would aim to create a more secure and reliable method for protecting sensitive data, particularly cryptographic keys and authentication data. The explicit problem of "key migration" and the inadequacy of simple login/password security, as described in the patent, would strongly motivate a PHOSITA to explore solutions involving centralized, highly secure key storage and usage without direct key exposure to users or client devices.-,,

2. Combination of data splitting and geographically remote storage with redundancy for fault tolerance and enhanced security:

• Prior Art: The patent describes a method of splitting data into portions, where the original data is not recreatable from an individual portion. It also discusses storing these portions in multiple data storage facilities, including geographically remote ones.,, Furthermore, the concept of redundancy to ensure functionality even if some storage facilities are inoperative is present. Error detection and correction by redundancy in data representation, such as using checking codes and parity data in RAID systems, are also listed as classifications for the patent, indicating these are known concepts in the prior art.
• Combination: A PHOSITA would be motivated to combine data splitting with geographically remote and redundant storage to enhance both security and reliability. Distributing undecipherable portions of data across physically separated locations, where multiple portions are needed for reconstruction, directly addresses the risk of compromise of a single storage facility., The knowledge of fault-tolerant systems (like RAID) that use redundancy for data integrity would further motivate a PHOSITA to apply similar principles to distributed secure data storage.

Motivation for Combination: The motivation would be to achieve a higher level of data security and availability. The patent explicitly states that distributing sensitive data into distinct and independent storage facilities, some or all of which may be geographically separated, provides "redundancy along with additional security measures." The challenge of subverting multiple independent, geographically remote data storage facilities, even for a "rogue employee," highlights the security benefits. The application of redundancy, a known concept from fault-tolerant systems, to enhance the reliability of accessing the split data would also be a clear motivation.

3. Combining biometric authentication with server-side processing for secure authentication:

• Prior Art: The use of biometrics for identification (e.g., fingerprints, speech) checked by automated systems is acknowledged. However, the patent also notes the drawbacks of storing biometrics and keys on mobile devices, including loss, theft, and susceptibility to compromise.- The patent's classification also includes "Network architectures or network communication protocols for network security for authentication of entities using certificates" and "based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint," indicating known authentication methods.
• Combination: A PHOSITA would be motivated to combine biometric authentication with server-side processing to mitigate the risks associated with client-side storage and to provide a more secure and reliable authentication process. By having the trust engine receive biometric data from the user and compare it to enrollment authentication data stored in the secure depository, without the user's private key leaving the trust engine, the system addresses the identified vulnerabilities of mobile biometric systems.-,-

Motivation for Combination: The motivation is to overcome the security weaknesses of client-side biometric and key storage. The patent specifically points out that "the foregoing mobile biometric cryptographic system still suffers from a variety of drawbacks", including loss or theft of devices and compromise through open systems. By processing authentication data and performing cryptographic functions on a secure server ("trust engine") and not releasing sensitive data or keys, a PHOSITA would be motivated to create a more robust authentication system that addresses these known vulnerabilities.

It's important to note that a full obviousness analysis would require a detailed examination of each claim of US9135456 against the specific disclosures of identified prior art references and a determination of the PHOSITA's level of skill at the priority date of October 25, 2004. Secondary considerations of non-obviousness, such as commercial success or long-felt but unsolved needs, would also be considered if presented.