A US Patent?
Hmmm...
Kim Dotcom has claimed the invention of two-factor authentication, and says he has the patent to prove it. The loquacious baron of internet cloud locker Mega announced in a tweet on Wednesday that he is the inventor of two-factor authentication, just hours after Twitter announced support for the security measure. Dotcom …
I've always liked this one:
http://amadeatravel.files.wordpress.com/2012/03/funny-world-map-as-america-sees-it.jpg
Canada: Shitty Music and Bears
USA: Freedom and Jesus
Central America: Tequila and Porn (the bad kind)
South America: Drugs and Supermodels
.... you get the idea : D
This post has been deleted by its author
This post has been deleted by its author
This post has been deleted by its author
Well from my own experience the patent clerk inserts/suggests those references. Patents clerks look for similar patents and essentially mention everything they find, no matter how bogus.
So being quoted many times in patents doesn't mean it's a novel idea or anything. It just means that it's something that seems relevant to a lot of other patents.
>Patents clerks look for similar patents and essentially mention everything they find, no matter how bogus.
Wow but the one job they are supposed to do (ascertain the validity of the patent) they fail miserably at. Guess they have to justify all that money they take for patents with some kind of work. Take their money and let the lawyers decide it. Typical.
>Thus, the supposed "two-factor authentication" patent is patently invalid. Which is my only point in this thread, other than the fact that Herr Schmitz is a putz.
I would agree with both points but with caveats. The patent is invalid but because patents on math and software (ultimately also math) are immoral and unethical. Dotcom does seem to be a douche but that does not justify AG Holder being his usual asshat self and pulling Stasi like tactics. Obama biggest weakness is not knowing when to tell his incompetent Chicago and Harvard cronies to take a hike (ie W Bush syndrome).
While I dislike software patents, it is bollocks to claim that all software is maths and thus should not be patentable.
That Turing bloke showed that all software is equivalent to a machine (a mechanical thing). Surely therefore the same laws that apply to mechanical items should also apply to software?
Physicists tell us that all mechanics stuff is just maths. Perhaps on that basis we should not allow any mechanical stuff to be patented?
I have not seen any convincing argument that software should not be patentable, but other things should be. It seems to me that either:
* Software should be patentable
-or-
* Nothing should be patentable.
In embedded systems it becomes a lot more complicated. Micro controllers (ie. software) are replacing what was previously mechanical control logic in washing machines, cars etc. If someone has a patent for "gear changing when torque reaches a threshold" should it be possible to bypass the patent if the algorithm is moved from a mechanical or electronic mechanism to software?
Sure, USPTO really struggles to understand the complexity in software patents and issues a lot of crap patents, but that is just USPTO failing to execute - it is not a fundamental software vs other stuff issue.
That Turing bloke showed that all software is equivalent to a machine (a mechanical thing).
No he didn't, otherwise I could create a machine by thinking up some simple rules in my head.
Funnily enough, a machine is a physical thing, and software is only physical in the sense that it exists as state changes. Software is math and logic, and you're using faulty logic to play right into the psychopathic IP brigade's trap.
About microcontrollers? They are just small computers. With software. Which should not be patentable.
>Do you even know what "two-factor authentication" is, asdf?
Here is your definition smart guy. Wonder how many times that attitude has cost you getting laid. "But you're going to go through life thinking that girls don't like you because you're a nerd. And I want you to know, from the bottom of my heart, that that won't be true. It'll be because you're an asshole."
Two-factor authentication requires the use of two of the three authentication factors. The factors are identified in the standards and regulations for access to U.S. Federal Government systems. These factors are:
Something the user knows (e.g., password, PIN, pattern);
Something the user has (e.g., ATM card, smart card, mobile phone); and
Something the user is (e.g., biometric characteristic, such as a fingerprint).
Ad hominem doesn't work on me, ta you very much. Thirty years of Usenet & Mailinglist moderation will do that to a guy. But if you get off on it, who am I to argue? Enjoy :-)
A padlock system is "something you have" and "something you know". A lock & key. Both of which existed thousands of years before Herr Schmitz. Thus, the supposed "two-factor authentication" patent is patently invalid. Which is my only point in this thread, other than the fact that Herr Schmitz is a putz.
As for my sex life ... Happily married for decades. That's all you need to know. Other than the fact that I strongly suggest that the only person's sex life that you should be worried about is that of your partner (or partners), followed by yourself. The rest of the planet's life is none of your business.
I knew about the specific electronic version like I said as i have a fob for one my accounts but am sure the patent lawyers would tell you that specific details matter more than the general concept. Its how Apple gets away with the nonsense they do. As for Schmitz like I said but deleted he is is no martyr but the US government is sure trying to make him look like one.
Correct. Jake is embarrassing himself by repeatedly insisting he's right when he's demonstrably not.
* A padlock opened only by a key (something you have) is 1-factor authentication.
* A padlock opened only by a pin (something you know) is 1-factor authentication.
* If you had a padlock with both, *that* would be two-factor authentication.
Claiming that the lock itself is a factor if authentication is just plain wrong: Making a payment with your chip & PIN card is 2-factor auth. Making a payment with a NFC 'tap to pay' card is 1 factor auth.
*Waits for Jake's downvote*
The lock is not a secret. In fact the lock is usually in a prominent location so that people can't access said location (i.e. your garage door, shed door, trunk, etc.). In the event the padlock is part of the secret, then it's probably not securing your property very well.
Traditionally usernames and email addresses are considered to be public knowledge because they are used for so many things they might as well be. It's the passwords that need to be kept secret as they prove to the system that you are the person that's trying to log on with that user name. The second factor takes this one step further by giving you something you know (the password) and something you have (the code generator). As others have mentioned above chip and pin is 2 factor as it's something you have (the card) and something you know (the pin).
A common form of 2 factor authentication is to have a front door with both a yale lock and a chubb lock on it. Or a combination lock and chubb. And there the convenience of the real world shows itself as in the physical world the user can usually activate 1 or more factors depending on convenience as long as they do it in advance.
> It's the knowing of where the lock is,
Not in any sane security system it's not. That's commonly called security through obscurity.
Rule #1: always assume the bad guys know where your stash is, and what algorithms you are using to protect it.
So according to you any website using a simple password has two factor authentication. One being the password and the second knowing where the site is and how to use it. Leave out the password and you still have one factor authentication. Somehow that doesn't seem to make any sense.
Somebody alert Wiki their definition is wrong.
Something the user knows (e.g., password, PIN, pattern);
Something the user has (e.g., ATM card, smart card, mobile phone); and
Something the user is (e.g., biometric characteristic, such as a fingerprint).
>Somebody alert Wiki their definition is wrong.
Not sure if ripping on me for using Wikijoke as my source or Jake for calling me out and making himself look like an ass. Either way in retrospect this is the least favorite article I have posted on in weeks. As painful as posting on LP climate science hatchet piece.
This post has been deleted by its author
He may be a douche but its not like the US government hasn't abused its power lately, ignoring things like due process, rule of law and respecting other countries sovereignty. Ends justify the means is a great attitude until you are the wrong side of it. Ask the tea party folks.
Funny thing about Tea Party folks ... whenever I spend any time around them here in Sonoma, they actually do seem to discuss dodging taxes wherever possible. Not even the Republicans are that blatant about it. Not certain what that means in the great scheme of things, this is only a testimonial & I'm only a sample of one.
My bank did 2-factor authentication for online banking already back in about 1990 (may have been a few years before even) with a simple and effective scheme that they still use with minor only modifications: you have a userid (a 8-digit string, not your account number, the "something you know"), and a 4-digit one-time code you pick sequentially from a list they send you on paper (the paper is the "something you have", since nobody except an autistic savant can be expected to memorize hundreds of codes).
The designers of the system were quite prescient, I think: It has been quite resistant to phishing. It is harder to convince someone to type a lot of codes into a mail to a fake system administrator claiming to need them.
Kim Dotcom claims there was no possible way for ripped movies to be stored on Megaupload, because the filsize limit was 100Megs.
Kim Dotcom expects people with IT knowledge to accept that he has never encountered archive volumes.
Kim Dotcom says a lot of things - some of them may be true.. But some of them are certainly bullshit.
*isn't* two-factor auth so much as a method of achieving it, but it's not really two-factor auth, because there device *connects* to the thing you're authing with so really it's one-factor. Certainly doesn't describe anything like how google authenticator works if that's what he's claiming. His argument is that the thing you know in the patent is the access to the device itself (phone pin) as opposed to your actual normal login, which is precisely why it *isn't* two factors - the "second factor" is really just the security of the first factor, which does not actually make a second factor at all.
Also not for nothing, but it's clear nobody bothered to proof-read the document because it's full of typos that change the actual meaning of the patent. Why anybody would cite it is beyond me.
"establishing a connection between the data input apparatus and a receiver unit upon verification of the validity of the authorization signal." - if anything this is just plain old fashioned login. Think there's a few patents that predate this.
I would think that the implementation used in modern ATMs would predate this patent by some time. The two factor authentication would be something you have (bank or credit card) combined with something you know (PIN or other passcode). These things were all patented, I believe, as they were invented although it is anybody's guess as to who holds the patents now or if they have expired.