Feeds

back to article Did Kim Dotcom invent 2-factor authentication? Er, not exactly...

Twitter is the latest major web service to beef up its security two-factor authentication (2FA). The security feature is a pretty simple and effective approach - and one the notorious Mega kingpin Kim Dotcom claims today to have invented back in the '90s. Two-factor auth is a simple process for verifying that the user accessing …

COMMENTS

This topic is closed for new posts.
Devil

I think he holds both patent and prior art ...

... on being an attention-seeking self-aggrandizing loud-mouthed bellend.

14
1
Silver badge
Trollface

Re: I think he holds both patent and prior art ...

Now wait a minute, that's really not fair: you missed out "salad-dodging".

5
0
Gold badge
Happy

Re: I think he holds both patent and prior art ...

You beat me to it. I was just going to suggest that we start referring to him as "Kim Bellend" around here, seeing as his last name is a bit of a moveable feast anyway.

1
0
Silver badge

Re: I think he holds both patent and prior art ...

Now now, there are plenty of those much further back in history.

Also, he's a hero. People hate, but effectively he's living the dream. Doesn't matter how he got there.

2
2

Re: I think he holds both patent and prior art ...

"Also, he's a hero. People hate, but effectively he's living the dream. Doesn't matter how he got there."

I'm not aware of this new definition of hero. Usually the dictionary suggest selflessness rather than convictions for fraud and blatant attempts at IP theft as criteria for the honorific.

3
0
Anonymous Coward

Self promoting bullshitter in self promoting bullshit shocker!!!!!!!!!!1

1
0
Happy

Registered *where*?

A bit confused. Are the dates mentioned US-only? Not that I imagine Ericsson et.al. would fail to register in both EU and the US, but I still think it's relevant information, especially with the mention of the EU patent office.

1
0
Silver badge

Kimble = twat

Patent trolling as well as being an aimbot nob.

1
1
Silver badge

"On his Twitter page, Kim Schmitz/Dotcom describes himself an "innovator". To earn the title, you've got to introduce something new. Kim Schmitz/Dotcom - in this case at least - doesn't appear to have done so."

That will not stop the US Patent Office from upholding his patent.

8
0
Anonymous Coward

So it sounds like he did invent it, with the caveat that someone else got there just before him. But presumably he was not aware of that and did not copy the others. This sort of thing is very common: http://en.wikipedia.org/wiki/Multiple_discovery

Of course, it's possible that Kim Dotcom did copy other people's ideas and then patent them, but it seems like a conclusion you'd come to if you hated Kim Dotcom, rather than the one Occam's razor would suggest.

8
1

Ordinarily, I would support your statement.

Having followed Kimble's career with interest for the past 15 years or so, I will make an exception in this case and suggest that patenting previously patented stuff for the purposes of claiming to have invented it in the future is the correct explanation.

4
3
Anonymous Coward

But the aggrandising, the magnitude.

Still, he shouldn't claim he invented it by broadcasting it to the world over twitter like he's Jesus/Jobs just to get his repugnant existence more attention...

"He was asking for it, officers"

1
1
Silver badge
Meh

I'm so tired

Pretty sure prior art predating the first gleam of patenting lighting up the mind of an innovator having an idle period on the khazi can, and will, be found.

0
0
Bronze badge

To do anything more than basic Banking at Natwest - I have to put my card into a battery operated unit and type a code that the website generates into it and then type the code the unit generates into the website. This verifies that I have physical possession of the card that is tied to my account. Is this not a form of 2 step authentication? What about USB dongles or smartcards that are needed to login to a computer system (after entering username and password) is this not also 2 step authentication? OK so this specific example is via SMS but the mechanism is essentially the same - we could even simplify the system further and refer to 2 step authentication as handshaking - in which case it's been around for donkeys years. This of course is the biggest problem with patents - common sense says that is describing a system that already existed in a different form (think "to lock the door / gate you slide the bolt into the hole and to unlock it you slide the bolt back out of the hole" the process is the same whether it is physical or virtual)

0
0
Bronze badge

ATM card

ATM cards are weak 2FA. For an unskilled attacker, there are two factors: the PIN ("thing you know") and the card itself ("thing you have"). Skilled attackers, though, can get the PIN from the card - it's on the magstripe - or, if they get your PIN and account information through other means (eg a skimmer) can duplicate the physical card.

ATM cards are thus a good example of using 2FA to prune the most prominent branches from the attack tree and raise the work factor above profitability for most petty criminals - at least before cheap skimmers became widely available.

So yes, obvious prior art for 2FA in general - which is not what this patent claims, but is what its holder is claiming.

0
0
Silver badge
Joke

... A later patent filed by Nokia...

There's no need to give them any tips on making money out of their patent back catalogue, we want them to go back to making decent phones.

3
0

Some juicy details...

Dotcom claims: "I never sued them. I believe in sharing knowledge & ideas for the good of society. But I might sue them now 'cause of what the US did to me."

Except that the filings in the opposition procedure at the European Patent Office say otherwise. In particular, in a letter from his European patent attorney, dated January 22 2010 and available through https://register.epo.org/espacenet/application?documentId=EPV3JPRS0966J10&number=EP98100688&lng=en&npl=false , he asks for an acceleration in the proceedings, because (in German):

"Die Patentinhaberin erwägt die gerichtliche Durchsetzung des korrespondierenden US-Patents (US 6 078 908) in den USA."

Translated:

"The patentee is considering the legal enforcement of the corresponding US patent (US 6 078 908) in the USA."

This was almost two years before his arrest...He isn't just a leech and a patent troll, he's also a very bad liar indeed...

0
0

Oh come on...

Can we stop calling him "Kim Dotcom" and go back to his former name of KIMBLE? El Reg, you used to absolutely skewer this fat charlatan back in the day. "Innovator..." my arse. He "innovated" his crack team of skript kiddies after 9/11 called "YIHAT" who then proceeded to do...nothing, but pretended they were hax0ring Islamic banks. He "innovatively" defrauded stupid venture capitalists and went on the run, before being arrested and proclaiming himself "King Kimble of the Kimpire" (and then threatening suicide).

Too bad Kimble's unintentionally hilarious homepage at kimble.org no longer exists...those awful animations of him as a "secret agent" making Bill Gates piss himself were comedy gold.

Go to attrition.org's charlatan page for a better dossier on this so-called "innovator." Brilliant scammer? Maybe. "Innovator?" Heh.

1
1

Re: Oh come on...

Kimble? Schmitz, you mean...It's the name on the patent, anyway.

1
0

Frankly with his track record anything he says should be taken with a pinch of salt. He hasn't changed, he's still a cheating, bullshitting moron with no correct claim to anything since he first found out about the Internet.

0
0
Pint

Only a pinch pf salt?

More like a car load.

0
0
Trollface

US patent system

He got a patent through the Patent Office; what has prior art or previous patents describing the same thing got to do with anything?

That is how the US patent system works.....right?

1
0
Bronze badge

What a con artist this jerk is

Anyone who would change their legal name to Dotcom is a jerk and his claim of inventing two-factor authentication process is absurd.

0
2
Gold badge

District Court of Texas?

Oh, Texas is absolutely full of illiterate, imbred rednecks. The courts there being no exception. Patent trolls LOVE taking their cases the district court for the eastern district of texas, as they favor the patent holder an exceptionally high percentage of the time. (I'm not saying Dotcom is a patent troll by any means, but he would want his case done there.)

0
2

utter tosh, i developed a 2fa replacement for /bin/login for our unix boxes in the early '90s, and it wasn't a new concept even then

0
0
Meh

Dial up had similar

Just to go further back was not the return dial up feature a form of @ way authenticaton. You dialed the modem you wanted to connect to eg say a security system then hang up , it would dial you back to confirm it was infact that connection. Not sure if that was patented though.

0
0
Anonymous Coward

Re: Dial up had similar

No, that's not two factor authentication, I thought.

But then I realised that it is exactly analogous to the SMS code thing. Having provided a name you prove you are have the phone linked to your name. I used that in the late 80's although it was touted as a way of saving money, not for authentication.

On the other hand, in the mid nineties I used the RSA two-factor token which was already well-established by then....

If Kim CantDecide did invent 2FA he must have sat on it for a very long time while passing it on to world+dog thereby invalidating his own patent ...

0
0
Bronze badge

Re: Dial up had similar

Dial-back coupled with a conventional credentials (username/password) check is indeed two-factor authentication. One factor is a "thing you know" - the credentials. The other is a "thing you have": the phone number that the system will call back to. In this case the "thing you have" factor is a virtual rather than physical possession, but it still behaves like a possession for authentication purposes.

(Dial-back without a separate login of some sort, either before or after the connection is made, is not 2FA, unless the number you initially call is secret. Then it becomes a key, but a decidedly weak one.)

Similarly, location-specific authentication systems, where you can only sign in to a particular account if you're using a specific physical terminal, are 2FA, though whether the second factor counts as a "thing you have" (physical access to the terminal) or a "thing you are" (your location) is a philosophical question. (Usually the "thing you are" class of factors refers to biometrics, but more generally it refers to attributes of the user that aren't possessions or knowledge.[1]) Such systems are still used with many mainframe installations, for example.

[1] Though complicating the question still further is the fact that some researchers like to restrict the "thing you are" category to attributes that are difficult to alienate - i.e., rarely lost, and difficult or expensive or to transfer to another user or attacker. That's claimed as an advantage for biometrics, though it's also held up as a disadvantage of biometrics, since few of us keep secrets that we want to lose, say, a finger over. Your location is an eminently alienable attribute, which makes it in this sense more like a "thing you have". What this really shows is the know/have/are schema, while a useful introduction to the idea of multifactor authentication, is a poor theoretical framework. What security experts really mean (or really should mean) by two-factor authentication is "two factors with significantly disjoint threat models".

0
0
This topic is closed for new posts.