PTAB

IPR2026-00182

Microsoft Corp v. Qomplx LLC

Log In
Key Events
Petition

1. Case Identification

2. Patent Overview

  • Title: Contextual and Risk-Based Multi-Factor Authentication
  • Brief Description: The ’934 patent discloses systems and methods for performing multi-factor authentication (MFA). The technology determines whether to require additional verification for a user's access request by analyzing historical login data to identify anomalous activity or potential brute-force attacks.

3. Grounds for Unpatentability

Ground 1: Obviousness over Kirti - Claims 1-30 are obvious over Kirti

  • Prior Art Relied Upon: Kirti (Patent 10,063,654).
  • Core Argument for this Ground:
    • Prior Art Mapping: Petitioner argued that Kirti teaches all elements of the challenged claims. Kirti discloses a cloud security system that analyzes historical user login activity to create a "baseline user profile" and then identifies "anomalous activity" relative to that profile, including brute-force attacks. In response to detecting such threats, Kirti’s system implements remedial measures, including requiring "additional steps to authentication" such as "elevated authentication or OTP validation." Petitioner contended that Kirti’s disclosure of analyzing historical data for anomalies (claim 1.7) and then requiring additional authentication steps (claim 1.5) renders claims 1-30 obvious.
    • Key Aspects: The core of this ground is that any implementation details not explicitly taught by Kirti, such as prompting a user to complete the additional authentication and confirming its correctness (claims 1.10-1.11), were well-known techniques that a person of ordinary skill in the art (POSITA) would have found obvious to implement.

Ground 2: Obviousness over Kirti and Coffin - Claims 1-30 are obvious over Kirti in view of Coffin

  • Prior Art Relied Upon: Kirti (Patent 10,063,654) and Coffin (a 2011 book titled Expert Oracle and Java Security).

  • Core Argument for this Ground:

    • Prior Art Mapping: This ground asserted that to the extent Kirti does not explicitly detail certain MFA implementation steps, the 2011 Coffin textbook provides these missing teachings. Petitioner argued that Kirti teaches the high-level concept of detecting anomalous login attempts and triggering "additional steps to authentication." Coffin, a practical guide for securing Oracle systems, expressly teaches the specific implementation details recited in the claims, including selecting an additional verification method from a plurality of options (e.g., SMS, email, pager), prompting the user to enter the provided passcode, and determining whether the user completed the verification correctly. The combination of Kirti's threat detection with Coffin's MFA implementation details allegedly renders all challenged claims obvious.
    • Motivation to Combine: A POSITA seeking to implement the "additional steps to authentication" taught in Kirti (an Oracle-assigned patent) would combine its teachings with Coffin (a textbook on securing Oracle database applications). The motivation was to use a well-known, readily available guide to implement a standard security feature (MFA) that Kirti’s system called for. Both references share the goal of enhancing security, making them a natural pairing.
    • Expectation of Success: A POSITA would have had a reasonable expectation of success because implementing Coffin's detailed, step-by-step instructions for MFA into Kirti's system would have required only predictable and straightforward software modifications.

  • Additional Grounds: Petitioner asserted additional obviousness challenges for claims 10 and 25 (related to virtual machines) based on Kirti and Coffin in further view of Vemulapalli (Patent 9,448,852). Vemulapalli was cited for its express teaching of using virtual machines in cloud computing environments to provide benefits like scalability and reliability, reinforcing the obviousness of implementing Kirti’s cloud-based system using virtual machines.

4. Relief Requested

  • Petitioner requests institution of an inter partes review and cancellation of claims 1-30 of the ’934 patent as unpatentable under 35 U.S.C. §103.