back to article Kim Dotcom claims invention of two-factor authentication

Kim Dotcom has claimed the invention of two-factor authentication, and says he has the patent to prove it. The loquacious baron of internet cloud locker Mega announced in a tweet on Wednesday that he is the inventor of two-factor authentication, just hours after Twitter announced support for the security measure. Dotcom …

COMMENTS

This topic is closed for new posts.
  1. JeffyPooh
    Pint

    A US Patent?

    Hmmm...

    1. asdf
      Joke

      Re: A US Patent?

      When this is your world map why would you patent anywhere else?

      http://jp.senescence.info/comedy/bush_world_map.html

      http://strangemaps.files.wordpress.com/2006/12/298202156_73e54012fa_b.jpg

      1. deadlockvictim
        Joke

        Re: A US Patent?

        I think that the map behind Donald Rumsfeld is more representative.

        http://www.theonion.com/articles/relations-break-down-between-us-and-them,715/

        1. Dave 126 Silver badge

          Re: A US Patent?

          I've always liked this one:

          http://amadeatravel.files.wordpress.com/2012/03/funny-world-map-as-america-sees-it.jpg

          Canada: Shitty Music and Bears

          USA: Freedom and Jesus

          Central America: Tequila and Porn (the bad kind)

          South America: Drugs and Supermodels

          .... you get the idea : D

  2. jake Silver badge

    This plonker claims to have invented the common or garden padlock?

    OK. If he says so ... One more reason to ignore the dude in my mind.

    Hint to Herr Schmitz: Seek help. You have serious mental issues.

    1. This post has been deleted by its author

      1. jake Silver badge

        @asdf (was: Re: This plonker claims to have invented the common or garden padlock?)

        Do you even know what "two-factor authentication" is, asdf?

        1. asdf

          Re: @asdf (was: This plonker claims to have invented the common or garden padlock?)

          Yes its what RSA showed the world how not to do it. I have it for my E*Trade account. The Dotcom saga goes a lot deeper than this latest patent.

          1. jake Silver badge

            Re: @asdf (was: This plonker claims to have invented the common or garden padlock?)

            Oh. So you don't know. Might want to read up on it before you insert your foot a trifle further.

            1. This post has been deleted by its author

            2. This post has been deleted by its author

              1. Christian Berger

                Re: @asdf (was: This plonker claims to have invented

                Well from my own experience the patent clerk inserts/suggests those references. Patents clerks look for similar patents and essentially mention everything they find, no matter how bogus.

                So being quoted many times in patents doesn't mean it's a novel idea or anything. It just means that it's something that seems relevant to a lot of other patents.

                1. asdf

                  Re: @asdf (was: This plonker claims to have invented

                  >Patents clerks look for similar patents and essentially mention everything they find, no matter how bogus.

                  Wow but the one job they are supposed to do (ascertain the validity of the patent) they fail miserably at. Guess they have to justify all that money they take for patents with some kind of work. Take their money and let the lawyers decide it. Typical.

                  1. asdf

                    Re: @asdf (was: This plonker claims to have invented

                    Sorry for deletes but got rid of any of my off topic posts or just plain nothing but nasty attack posts plus ended up double posting. A damn mess I made.

                    1. asdf

                      Re: @asdf (was: This plonker claims to have invented

                      >Thus, the supposed "two-factor authentication" patent is patently invalid. Which is my only point in this thread, other than the fact that Herr Schmitz is a putz.

                      I would agree with both points but with caveats. The patent is invalid but because patents on math and software (ultimately also math) are immoral and unethical. Dotcom does seem to be a douche but that does not justify AG Holder being his usual asshat self and pulling Stasi like tactics. Obama biggest weakness is not knowing when to tell his incompetent Chicago and Harvard cronies to take a hike (ie W Bush syndrome).

                      1. Charles Manning

                        Where's te logic to treat software patents differently?

                        While I dislike software patents, it is bollocks to claim that all software is maths and thus should not be patentable.

                        That Turing bloke showed that all software is equivalent to a machine (a mechanical thing). Surely therefore the same laws that apply to mechanical items should also apply to software?

                        Physicists tell us that all mechanics stuff is just maths. Perhaps on that basis we should not allow any mechanical stuff to be patented?

                        I have not seen any convincing argument that software should not be patentable, but other things should be. It seems to me that either:

                        * Software should be patentable

                        -or-

                        * Nothing should be patentable.

                        In embedded systems it becomes a lot more complicated. Micro controllers (ie. software) are replacing what was previously mechanical control logic in washing machines, cars etc. If someone has a patent for "gear changing when torque reaches a threshold" should it be possible to bypass the patent if the algorithm is moved from a mechanical or electronic mechanism to software?

                        Sure, USPTO really struggles to understand the complexity in software patents and issues a lot of crap patents, but that is just USPTO failing to execute - it is not a fundamental software vs other stuff issue.

                        1. M Gale

                          Re: Where's te logic to treat software patents differently?

                          That Turing bloke showed that all software is equivalent to a machine (a mechanical thing).

                          No he didn't, otherwise I could create a machine by thinking up some simple rules in my head.

                          Funnily enough, a machine is a physical thing, and software is only physical in the sense that it exists as state changes. Software is math and logic, and you're using faulty logic to play right into the psychopathic IP brigade's trap.

                          About microcontrollers? They are just small computers. With software. Which should not be patentable.

                    2. jake Silver badge
                      Pint

                      @asdf 05:23

                      We're all human.

                      Relax & have a homebrew.

        2. asdf

          Re: @asdf (was: This plonker claims to have invented the common or garden padlock?)

          >Do you even know what "two-factor authentication" is, asdf?

          Here is your definition smart guy. Wonder how many times that attitude has cost you getting laid. "But you're going to go through life thinking that girls don't like you because you're a nerd. And I want you to know, from the bottom of my heart, that that won't be true. It'll be because you're an asshole."

          Two-factor authentication requires the use of two of the three authentication factors. The factors are identified in the standards and regulations for access to U.S. Federal Government systems. These factors are:

          Something the user knows (e.g., password, PIN, pattern);

          Something the user has (e.g., ATM card, smart card, mobile phone); and

          Something the user is (e.g., biometric characteristic, such as a fingerprint).

          1. jake Silver badge

            Re: @asdf (was: This plonker claims to have invented the common or garden padlock?)

            Ad hominem doesn't work on me, ta you very much. Thirty years of Usenet & Mailinglist moderation will do that to a guy. But if you get off on it, who am I to argue? Enjoy :-)

            A padlock system is "something you have" and "something you know". A lock & key. Both of which existed thousands of years before Herr Schmitz. Thus, the supposed "two-factor authentication" patent is patently invalid. Which is my only point in this thread, other than the fact that Herr Schmitz is a putz.

            As for my sex life ... Happily married for decades. That's all you need to know. Other than the fact that I strongly suggest that the only person's sex life that you should be worried about is that of your partner (or partners), followed by yourself. The rest of the planet's life is none of your business.

            1. asdf

              Re: @asdf (was: This plonker claims to have invented the common or garden padlock?)

              I knew about the specific electronic version like I said as i have a fob for one my accounts but am sure the patent lawyers would tell you that specific details matter more than the general concept. Its how Apple gets away with the nonsense they do. As for Schmitz like I said but deleted he is is no martyr but the US government is sure trying to make him look like one.

            2. TheVogon
              Mushroom

              Re: @asdf (was: This plonker claims to have invented the common or garden padlock?)

              A padlock system is "something you have" and "something you know". A lock & key.

              Erm no.

              The key is something you have. The padlock is what checks it. So that would be 1 factor authentication.

              1. jake Silver badge

                Re: @asdf (was: This plonker claims to have invented the common or garden padlock?)

                Incorrect, TheVogon.

                I have the knowledge of where the lock is. I know how to open it. Two parts.

              2. Neil 8

                Re: @asdf (was: This plonker claims to have invented the common or garden padlock?)

                Correct. Jake is embarrassing himself by repeatedly insisting he's right when he's demonstrably not.

                * A padlock opened only by a key (something you have) is 1-factor authentication.

                * A padlock opened only by a pin (something you know) is 1-factor authentication.

                * If you had a padlock with both, *that* would be two-factor authentication.

                Claiming that the lock itself is a factor if authentication is just plain wrong: Making a payment with your chip & PIN card is 2-factor auth. Making a payment with a NFC 'tap to pay' card is 1 factor auth.

                *Waits for Jake's downvote*

                1. jake Silver badge

                  @Neil 8 (was: Re: @asdf (was: This plonker claims to have invented the common or garden padlock?))

                  "Claiming that the lock itself is a factor if authentication is just plain wrong"

                  You are quite incorrect. It's the knowing of where the lock is, and how to use it, that makes it a factor.

                  1. DragonLord

                    Re: @Neil 8 (was: @asdf (was: This plonker claims to have invented the common or garden padlock?))

                    The lock is not a secret. In fact the lock is usually in a prominent location so that people can't access said location (i.e. your garage door, shed door, trunk, etc.). In the event the padlock is part of the secret, then it's probably not securing your property very well.

                    Traditionally usernames and email addresses are considered to be public knowledge because they are used for so many things they might as well be. It's the passwords that need to be kept secret as they prove to the system that you are the person that's trying to log on with that user name. The second factor takes this one step further by giving you something you know (the password) and something you have (the code generator). As others have mentioned above chip and pin is 2 factor as it's something you have (the card) and something you know (the pin).

                    A common form of 2 factor authentication is to have a front door with both a yale lock and a chubb lock on it. Or a combination lock and chubb. And there the convenience of the real world shows itself as in the physical world the user can usually activate 1 or more factors depending on convenience as long as they do it in advance.

                  2. Anonymous Coward
                    Anonymous Coward

                    Re: @Neil 8 (was: @asdf (was: This plonker claims to have invented the common or garden padlock?))

                    > It's the knowing of where the lock is,

                    Not in any sane security system it's not. That's commonly called security through obscurity.

                    Rule #1: always assume the bad guys know where your stash is, and what algorithms you are using to protect it.

                  3. Anonymous Coward
                    Anonymous Coward

                    Re: @Neil 8 (was: @asdf (was: This plonker claims to have invented the common or garden padlock?))

                    So according to you any website using a simple password has two factor authentication. One being the password and the second knowing where the site is and how to use it. Leave out the password and you still have one factor authentication. Somehow that doesn't seem to make any sense.

        3. ecofeco Silver badge

          Re: @asdf (was: This plonker claims to have invented the common or garden padlock?)

          Somebody alert Wiki their definition is wrong.

          Something the user knows (e.g., password, PIN, pattern);

          Something the user has (e.g., ATM card, smart card, mobile phone); and

          Something the user is (e.g., biometric characteristic, such as a fingerprint).

          1. asdf

            Re: @asdf (was: This plonker claims to have invented the common or garden padlock?)

            >Somebody alert Wiki their definition is wrong.

            Not sure if ripping on me for using Wikijoke as my source or Jake for calling me out and making himself look like an ass. Either way in retrospect this is the least favorite article I have posted on in weeks. As painful as posting on LP climate science hatchet piece.

  3. This post has been deleted by its author

  4. Christian Berger

    He claimed a lot of things

    Like breaking into the GSM-network in the 1990s. Do yourself a favour, look at his "German years" before he mercifully left out country and was still called "Kim Schmitz". That guy was just one of the most annoying people out there.

    1. asdf
      Megaphone

      Re: He claimed a lot of things

      He may be a douche but its not like the US government hasn't abused its power lately, ignoring things like due process, rule of law and respecting other countries sovereignty. Ends justify the means is a great attitude until you are the wrong side of it. Ask the tea party folks.

      1. jake Silver badge

        Re: He claimed a lot of things

        Funny thing about Tea Party folks ... whenever I spend any time around them here in Sonoma, they actually do seem to discuss dodging taxes wherever possible. Not even the Republicans are that blatant about it. Not certain what that means in the great scheme of things, this is only a testimonial & I'm only a sample of one.

    2. Charles Manning

      Re: He claimed a lot of things

      s/was/is/

  5. Adrian Midgley 1
    Thumb Down

    prior art

    I think exists.

    1. Mark Richardson

      Re: prior art

      The US patent listed in the main article also had a European equivalent (EP0875871). This also granted but was subsequently revoked in the EP's Opposition process following an opposition filed by Ericsson.

      Make of that what you will......

      @KeltieLLP

  6. ratfox

    Prior art

    I'm fairly certain that Swiss banks were using two-factor systems such as a credit card-like object displaying a number since before 98, though it may be a close thing.

    1. MacroRodent
      FAIL

      Re: Prior art

      My bank did 2-factor authentication for online banking already back in about 1990 (may have been a few years before even) with a simple and effective scheme that they still use with minor only modifications: you have a userid (a 8-digit string, not your account number, the "something you know"), and a 4-digit one-time code you pick sequentially from a list they send you on paper (the paper is the "something you have", since nobody except an autistic savant can be expected to memorize hundreds of codes).

      The designers of the system were quite prescient, I think: It has been quite resistant to phishing. It is harder to convince someone to type a lot of codes into a mail to a fake system administrator claiming to need them.

  7. pewpie
    Pirate

    Kim Dotcom claims there was no possible way for ripped movies to be stored on Megaupload, because the filsize limit was 100Megs.

    Kim Dotcom expects people with IT knowledge to accept that he has never encountered archive volumes.

    Kim Dotcom says a lot of things - some of them may be true.. But some of them are certainly bullshit.

  8. streaky
    FAIL

    This patent...

    *isn't* two-factor auth so much as a method of achieving it, but it's not really two-factor auth, because there device *connects* to the thing you're authing with so really it's one-factor. Certainly doesn't describe anything like how google authenticator works if that's what he's claiming. His argument is that the thing you know in the patent is the access to the device itself (phone pin) as opposed to your actual normal login, which is precisely why it *isn't* two factors - the "second factor" is really just the security of the first factor, which does not actually make a second factor at all.

    Also not for nothing, but it's clear nobody bothered to proof-read the document because it's full of typos that change the actual meaning of the patent. Why anybody would cite it is beyond me.

    "establishing a connection between the data input apparatus and a receiver unit upon verification of the validity of the authorization signal." - if anything this is just plain old fashioned login. Think there's a few patents that predate this.

  9. Robert Helpmann??
    Childcatcher

    Banks Had It First

    I would think that the implementation used in modern ATMs would predate this patent by some time. The two factor authentication would be something you have (bank or credit card) combined with something you know (PIN or other passcode). These things were all patented, I believe, as they were invented although it is anybody's guess as to who holds the patents now or if they have expired.

  10. BornToWin

    What a piece or work or other substance...

    Kim Dotcom is quite the whackjob and very delusional.

  11. Anonymous Coward
    Anonymous Coward

    Even if he did "invent" this, how can you possible patent something as bleedin obvious as this anyway?!

This topic is closed for new posts.

Other stories you might like