20+ Companies Sued Over OS Permissions Patent 282
freemywrld writes "According to the article on Ars Technica, Microsoft, Symantec and 20 other companies are being sued over patents covering 'systems for governing application and data permissions, as well as ensuring application integrity.' The patents were granted in the 90's to the Information Protection and Authentication of Texas (IPAT). From the article: 'A response from any of the defendants is still forthcoming, and it is unclear whether the authentication and permissions systems that IPAT's patent describes are precluded by prior art. Even if IPAT has a leg to stand on in court, however, it certainly didn't take the easy route to recovering any damages by suing 22 companies.'"
The defendants (Score:5, Informative)
The lawsuit details are at
http://www.rfcexpress.com/lawsuit.asp?id=43183
In particular, the 22 defendants are
Symantec Corp.
Microsoft Corp.
AVG Technologies USA, Inc.
CA, Inc.
Check Point Software Technologies, Inc.
Comodo Group, Inc.
ESET, LLC
F-Secure, Inc.
iolo technologies, LLC
Kaspersky Lab, Inc.
McAfee, Inc.
MicroWorld Technologies, Inc.
NetVeda, LLC
Norman Data Defense Systems, Inc.
Novell Inc.
PC Tools, Inc.
PWI, Inc.
Sophos, Inc.
Sunbelt Software, Inc.
Trend Micro Incorporated
Velocity Micro, Inc.
Webroot Software, Inc.
Re:Location, location, location (Score:5, Informative)
Let me guess -- this was filed in the Eastern Texas District, right?
"IPAT, which apparently purchased these patents from their listed inventor of Addison M. Fischer, filed its complaint in the Eastern District of Texas on December 30, 2008"
Re:Isn't it a bit late for this? (Score:2, Informative)
Re:Isn't it a bit late for this? (Score:5, Informative)
yeah unfortunately that is exactly how the patent system works. Trademark is the only IP that you have to "protect" proactively or risk loosing.
With patents it is 100% acceptable to patent a bunch of ideas and then wait for someone else to develop them commercially, and then sue them and take the profits.
Re:I'm Scared (Score:5, Informative)
You haven't infringed the patent.
Now, if you want to infringe the patent, you'd have to tell us the command you could issue to allow any program except say, GIMP, from accessing your data. This is 'program access', not 'user access'.
13 year delay == no patent claim (Score:5, Informative)
Apparently, a six year delay negates patent protection [patentlyo.com] (the patentee has "unreasonably and inexcusably" delayed prosecution) under the same laches idea as made above.
Patent Law Blog (Patently-O): Laches and Equitable Estoppel. [patentlyo.com]
Re:What? (Score:2, Informative)
Re:Straight to step 3: ???? (Score:2, Informative)
>Even better, if this isn't already done, if someone files a patent/copyright suit, they have to pay for the judge, baliff, stenographer, etc. If the IP
>is truly that important, they'll have no problem spending an extra $100K to get it.
Oh sure you say that *now*, when you don't have some company publishing your book/song/program. I think you'd have a different opinion if you were defending your own work against someone who has claimed it.
Re:Good luck with that (Score:5, Informative)
Too bad they didn't file this 3+ months ago.
See USPTO: Re Bilski
Determining patent viability under section 101. "Under this test, a patent claim is eligible if: (1) it is tied to a particular machine or apparatus, or (2) it transforms a particular article into a different state or thing."
See USPTO: Ex parte Langemyr and Ex parte Wasynczuk
"A general purpose computer is not a particular machine, and thus innovative software processes are unpatentable if they are tied to a general purpose computer."
Re:I'm Scared (Score:3, Informative)
Yes, claim one has as prior art just about every access control mechanism known to machine. VMS, Kerberos, probably even venerable MVS. There may or may not be prior art for each particular dependent claim, but they amount to "gathering the foam", as Justice Bradley once put it -- in this case, attempting to secure every combination of digital signatures and ordinary access control.
The other independent claim, Claim 42 would also appear to be anticipated by VMS, and again probably many others. Many of the dependent claims here are laughable; patenting fine grained privilege might be defensible (if it didn't already exist, which it did); patenting particular grains is ridiculous.
The Compartment Mode Workstation work (circa 1990) probably covers quite a few of the claims made here, including those not covered by other OSs.
Re:Good luck with that (Score:5, Informative)
when we engaged in mild protectionism this wasn't an issue. We used to charge tariffs on imports from nations without proper human and labor rights.
Now we don't.
this video [google.com] tells the story of congressional stupidity starting at around the 9:40 mark.
Re:This needs a mod-up, also - 1969, UNIX (Score:5, Informative)
By the way, unix [wikipedia.org], which incorporated the archetypal permission system, was developed in 1969.
This is a clear case of prior art which even a "patent troll judge" cannot ignore. It's neither obscure nor contestable as its history is very well documented.
Any judge who doesn't throw it out of court after unix is brought forward as an example of prior art should be immediately scheduled for competency hearings.
[Citation needed]
... Or at least a better understanding of what prior art is, before you go calling for competency hearings. The Unix permissions system doesn't disclose all of the limitations of the claimed invention, specifically "establishing a program authorizing information data structure for storing a plurality of authorization entries each indicating at least one of those computer resources and information processing related functions which may be used by an associated program;"
Unix works with user permissions... This is application permissions. You have rwx access to /user/[name]/library, but maybe you don't want /application/fubar to have full access there, even though you're the same user running it. Look, it's right here in the patent:
Thus, the present invention advantageously protects a user from any program to be executed. The present invention is particularly advantageous in light of current data processing practices where programs are obtained from a wide range of diverse, untrustworthy places such as computer bulletin boards or other users of unknown trustworthiness.
99% of what you read on Slashdot regarding patents is not just wrong, but the complete opposite of reality. Such as calling for competency hearings for a judge refusing to invalidate a patent on file permissions at application-specific levels because "unix was developed in 1969".
Re:This needs a mod-up, also - 1969, UNIX (Score:3, Informative)
ok, by that description the concept of user accounts combined with the standard rwx permission system " advantageously protects a user from any program to be executed".
Programs executed in one user space do not affect the programs or data in another user space unless the rwx permissions are changed properly.
in your example: /user/[name]/library, but maybe you don't want /application/fubar to have full access there
Unix works with user permissions... This is application permissions. You have rwx access to
change the permission of the folder to exclude /application/fubar's group. BAM, same thing.
my point still stands.
Re:I'm Scared (Score:2, Informative)
Re:Never. (Score:3, Informative)
Don't expect the C&D.
I read the patents, the first one (5,412,717) basically functions as a whitelist to protect users from a computer virus. It includes hashes and specific actions a program can or cannot do. chmod functionality protects data from users, while this invention protects users against viruses. It includes a description of a certification authority system much like SSL certificates, which authenticate the contents of the whitelist explicitly or implicitly.
5,311,591 seems to include something to monitor this activity inside an operating system.
In both cases, emphasis is on the trust hierarchy to provide authority for trusting that such a list is valid.
Re:Location, location, location (Score:4, Informative)
seceding, as is their right according to their terms for joining the union
Normally I wouldn't ruin a good joke with pedantry, but this seems like the sort of thing people will see and then bring up in conversation for the rest of their life.
Texas isn't free to secede.
Re:Good luck with that (Score:5, Informative)
Umm... we (I assume you mean the "United States") do spend more on education than on warfare. Even if you consider the entire DOD budget -- much of which is not spent on "warfare" but on being ready for warfare -- the DOD outlays are about the same as those for public primary and secondary education (I'm too lazy to track down exact figures for the same year for both categories though - try using google).
You may be making the mistake of looking at only the Federal budget -- most education spending is from state/local governments (and some is from private individuals/organizations) in the United States while all of the defense spending comes from the Federal budget (this is not a surprise - the US Constitution doesn't authorize the Federal government to involve itself in Education, but requires it to provide national defense -- although the Constitution is often overlooked which gives us the Department of Education and NCLB).
Some references... Page X [census.gov] shows a total 2005-2006 public Primary/Secondary expenditure on education (so excludes expenditures on universities, junior colleges, and all private schools etc) at $527B. The entire DOD budget for 2009 is under $550B [wikipedia.org]
Re:Time to rethink patent laws (Score:3, Informative)
Economists have always worried about whether the patent system actually works as intended or not. For evidence that it probably does not work for e.g. software, start here: http://researchoninnovation.org/ [researchoninnovation.org] Before reading the recent literature, however, I'd recommend reading Machlup's famous review: http://www.mises.org/etexts/patentsystem.pdf [mises.org] in which it is made clear that fairness is an outdated way of thinking about patents and a weak justification for them at best: the disclosure benefit is dubious, to say the least, and the patent privilege is something which needs to be justified as beneficial despite its potential for *unfairness* (and its various other negative effects).
Re:Good luck with that (Score:3, Informative)
Manufacturing moved elsewhere 20yrs ago. IIRC Reagan and Thatcher spent most of the 80's crushing unions and telling everyone it would be a GoodThing(TM). Not that I think the removal of tarrifs and perpetual subsidies is a bad thing, quite the opposite, but you need more than that to "level the playing field". You also need to take into account the reglatory regime under which the manafacturing was performed. To do otherwise is simply exporting the labour/environmental problems to nations that don't/can't give a fuck about either. Before you know what's happening everything is made elsewhere, it's dirt cheap and has a high probability of serious defects and toxic contaminants (reminicent of pre-seventies "jap-crap"). IMHO the corect term for the labour side of this is "cheap labour capitalisim", I don't know if there is an equivalent for the environmental side
Note: Rant maybe but not an anti-conservative one, just some observations and an onion-belt story. And even though I think it's a half-assed idea, I will readily admit the "service economy" has been generous to me personally.
Re:I'm Scared (Score:3, Informative)
The Orange book was already out in 1983, some ten years before the first of these two patents.
Re:Setuid + Setgid = Prior Art (Score:3, Informative)
No that doesn't do it at all. The patent is describing a more fine-grained security model than users/groups/permissions and as such allows the user to do things that can't be done with the standard posix file permissions. If memory serves tt's normally called capabilities, and although it has been around for at least 10 years, the patent probably predates it shipping in unix/nt systems.
In particular, if you try and describe capabilities using groups, lets say that you have two permissions that you want to give an application: B & C, how would you do this in normal posix permissions? A file can only be in a single group at a time. This problem is exactly why ACLs were bolted onto linux, and the patent describes another way of solving the problem.
It is not standard unix file permissions, even if it has already been around for a decade.
Impersonation? (Score:3, Informative)
Other systems are also designed to protect system files from being modified by an application (say, a virus), but IPAT's patent goes one step beyond that, with a system that can prevent programs from modifying a user's files.
The "one step beyond that" part what is called "impersonation," when program works in context of a user. Impersonation [wikipedia.org] is word from WinNT universe, though setuid is pretty much the same thing.
It's needless to talk about prior art. There are piles of it.
Re:I'm Scared (Score:4, Informative)
Of course, the point is moot here, because of the immense amount of prior art.