IBM Applies for Password Manager Patent
An anonymous reader writes "As of August 21, IBM has applied for a patent on "A convenient and secure system and method for access to any number of password-protected computer applications, web sites and forms without adding to the user cognitive load and without circumventing the inherent security of such password-protection schemes. An existing password field on a device display is overlaid with password wallet pop-up field which allows a wallet "master" key to unlock the wallet. An application-specific and/or user-specific password is automatically retrieved from the wallet and entered into the password field with no other user action required." This isn't much different from Mozilla's "Master Password"."
Prior art (Score:5, Insightful)
Re:Prior art (Score:4, Informative)
Re:Prior art (Score:5, Interesting)
Not true at all. The USPTO does dog food as a preference, but if you try to patent something and include references to scientific literature in the patent, it is quite likely that the examiner will turn around and use those references against you.
Re:Prior art (Score:3, Informative)
That was rather frustrating, since he'd likely never have found those references if we didn't include them, when compared to some of the patent silliness I read on Slashdot.
Re:Prior art (Score:2, Funny)
That's why they will only patent things with no scientific literature, like Healing Pyramids and stuff...
Re:Prior art (Score:5, Informative)
Please stop repeating this falsehood.
Re:Prior art (Score:4, Informative)
No, only published prior art. If you secretly invented it, didn't reveal this to the public, but still can somehow prove it... it won't invalidate the patent.
One time, for example, a student came up with an invention and turned it in for a grade in college. Later on someone else filed for a patent on the same idea. Hearing about this, the college dug out the graded paper from their records, and got everyone involved to swear as to its veracity. The USPTO acknowledged that yes, the student had invented it first, but the patent would still go to someone else.
Re:Prior art (Score:4, Informative)
You have the first part wrong. Prior art need not be published for it to be used to invalidate a patent. The prior art only needs to be "known." See 35 USC 102 [cornell.edu], particularly subsection (a).
The reason the student's paper is not prior art is not because it wasn't published, but rather because it was secret, and therefore not legally "known" by others in the patent law sense.
Re:Prior art (Score:4, Informative)
Phil Farnsworth was awarded patent rights to using CRT as the mechanism for electronic television based on some scribble he had made in high school as a 14 year old.
Patents are granted for first to invent, not first to publish.
On the other hand if you invent something and don't patent it within one year, you lose the rights to patent it (that is, nobody will get the patent).
Re:Prior art (Score:2)
Re:Prior art (Score:4, Informative)
IBM is famous for publishing many thousands of these, which are frequently cited by both inventors and patent examiners as prior art, and frequently wielded by IBM to quash bogus patents.
The old IBM Patent server [ibm.com], which later became Delphion [delphion.com], originally provided access to the IBM technical disclosure bulletins as well as US patents. They are now searchable for free at the IP.com Prior Art Database [priorartdatabase.com] along with disclosures from a number of other large companies. I've only just found out about it, but apparently you can only view summaries and have to purchase full documents or to perform advanced searching, but it appears like a useful resource. Also easily browsable by month, which is kinda neat.
I'm sure someone could find an example otherwise (or even has their own horror story), but as I understand it, IBM is probably the one big tech company least guilty of abusing the patent system. Sure, they make a lot of money off of licensing and have been known to throw their weight around from time to time, but they usually seem to play relatively fair unless they're put on the defensive.
Nonsense! Repetition does not make it true. (Score:5, Insightful)
Prior art is defined by statute, and the USPTO has no discretion to distinguish between patent and non-patent prior art. The USPTO searches not only the corpus of patent art, but also many commercial and generally available databases of non-patent prior art. Patent claims are frequently (and in some cases famously) refused in view of non-patent prior art.
Significantly, if you are aware of patent prior art for a published application, there are vehicles by which you may make the art a matter of record. Finally, if a patent issues with respect to which you are aware of prior art (patent or non-patent) raising a substantial new question of patentability, you may either file yourself or bring it to the attention of the Commissioner who may, in his discretion, bring his own reexamination proceeding. Again, patents have been rescinded famously in view of non-prior art in this manner as well (Compton's for example).
Re:Nonsense! Repetition does not make it true. (Score:2)
It would only be legitimately called a canard if it were false, e.g., if I said they never checked any sources for prior art. I'm sure they must. Probably.
Naive and foolish (Score:5, Informative)
And, by the way, there are a kazillion remedies available to you if the USPTO issues a bad patent short of full-scale litigation. If you actually have killer prior art, just file for reexamination, and it would be a matter of course.
Re:Prior art (Score:2)
Secondly, everybody seems to be missing the point that IBM has had this technology for over 6 years. So your prior art has to be older than that.
I don't think you know what prior art means... (Score:5, Insightful)
So the question is does IBM have a new and unique way of doing password management.
Re:I don't think you know what prior art means... (Score:5, Informative)
No, they don't. Because their description is exactly what Apple's Keychain does. Just replace "wallet" with "keychain" in this passage from IBM's own description of their system:
The Keychain has been around since System 7 Pro, which dates back to October of 1993 or thereabouts. [ucsb.edu] Whether Apple patented it back then or not, I don't think they'll have any choice but to contest this IBM patent attempt-- because if it goes through, Apple will have to pay licensing fees to IBM to continue using Keychain in OS X.
~Philly
Re:I don't think you know what prior art means... (Score:2)
Not quite true. As has already been pointed out, the issue of a patent by the USPTO does not mean that the patent is enforceable. Apple might very well be able to prove that t
Re:I don't think you know what prior art means... (Score:2)
everybody knows that this is SCO's IP, and that you should pay them $699 to use it.
Actually read the claims... (Score:5, Informative)
If you actually read the patent application [216.239.41.104], you'll see that they are patenting something much more narrow than you think.
IBM is attempting to patent a UI hack that will detect a signon request from a website or other application, and superimpose their master signon dialog. They are NOT attempting to patent the ideas that are covered by Keychain or Mozilla's autofill. By superimposing their own "widget" exactly where the application specific logon would be, this master signon system preserves the flow of the application UI.
By comparison, the Keychain and autofill solutions can be more intrusive, and can be less secure. IBM's master signon would be entered every time I need to signon. I'd only need to remember one password. By comparison, Keychain and autofill don't require one to log into each application. An office worker can walk away from their desk without locking their screen saver and someone can use their accounts.
Re:Actually read the claims... (Score:3, Interesting)
So the user thinks they are typing their password into site XYZ's mega secure web site, when they are actually typing it into IBM's not so secure widget? What are the consequences when this 'password widget' gets cracked? The user is not aware of even the possibility of a crack because they are not aware the widget exists.
Not to mention the possibilities for a virus/worm installing its own version of a 'password widget', which the user will again not be aware of.
Re:Actually read the claims... (Score:2)
A thought also occurs to me - both could also allow the system administrators to set
Re:I don't think you know what prior art means... (Score:5, Informative)
When a Keychain-aware Mac application wants a password and I have previously indicated that I want it to use the Keychain services, a Keychain dialog pops up and asks for my Keychain password. Upon correct authentication, the Keychain passes the application-specific password to the requesting application.
Do you think IBM's system will just automatically sniff out instances where it should assert itself? Because I don't-- I think apps will have to be changed to be at least minimally aware of the password wallet service.
~Philly
Re:Prior art (Score:2, Insightful)
Re:Prior art (Score:5, Funny)
And Microsoft's Passport thing? Isn't it meant to include that functionality as well?
No, read the story again. It distinctly says, "a convenient and secure system" (emphasis added).
Re:Prior art (Score:2)
Re:Prior art (Score:2)
We can support you, bring the software patent war home!
http://www.noepatents.org [noepatents.org]
http://wiki.ael.be [wiki.ael.be]
http://swpat.ffii.org [ffii.org]
http://softwarepatents.co.uk [softwarepatents.co.uk]
Re:Prior art (Score:2)
Who do we like today? (Score:5, Funny)
Patent story... BOO IBM
do we like Apple today too? or is this an anti apple day? it's hard to keep up
Re:Who do we like today? (Score:4, Insightful)
Re:This exists? (Score:2)
OK [apple.com] (scroll most of the way down to "A Secure Keychain")
Re:Who do we like today? (Score:5, Insightful)
SCO Story... BOO SCO and the American judicial system for allowing to let this farce go on for so long
Patent Story... BOO USPTO for allowing American corporations to behave like this.
Generally.. Boo the American government for giving corporations so much power.
Re:Who do we like today? (Score:4, Insightful)
Having said that, SCO's abuse of the legal system is of a completely different order to IBM's (attempted?) abuse of the Patents system here. SCO are committing the corporate equivalent of a suicide bombing.
Re:Who do we like today? (Score:4, Insightful)
That said, this is a really vile game, that only benefits the big players. But IBM didn't start it. And IBM hasn't been particularly vicious about it. (I'm told that they *do* collect a lot of money on patent royalties, but I haven't heard of them trying to put companies out of business [bar SCO].)
Re:Who do we like today? (Score:3, Insightful)
Correction. From your point of view, I would think that the problem is that the government hasn't restricted corporations enough, not that it has handed them anything.
These are different situations, since restricting corporations might not always be a good thing, yet giving them power is always decidedly bad.
And the whole government is not to blame for these issues; merely the USPTO and often the judicial branch.
Re:Who do we like today? (Score:2, Insightful)
Re:Who do we like today? (Score:3, Insightful)
Patents are good when they protect the little guy from the big guy, and they even make sense for corporations at times.
In my opinion, the problems come when people patent the digital equivalent of eating cereal with milk. A more knowledgeable USPTO would go a long way to keep the suits off our backs.
Re:Who do we like today? (Score:2, Funny)
Interesting double meaning there.
Re:Who do we like today? (Score:2)
Corporations are institutions completely created by the government. They have no inherent rights or powers aside from what the government has given them, so it seems to me that not restricting them is the exact same thing as giving them power.
Re:Who do we like today? (Score:2)
Nope.
They have no inherent rights or powers aside from what the government has given them
One could argue that humans have no inherent rights or powers aside from what their government allows. Does that mean that humans are "institutions completely created by the government?"
so it seems to me that not restricting them is the exact same thing as giving them power.
I just don't agree with your two premises, therefore I cannot accept your
Re:Who do we like today? (Score:2)
Secondly, I can only think of a few laws that explicitly empower corporations (the Telecommunications Act of, what was it, 1997? comes to mind).
The problem is that most Americans are apathetic and vote for "whoever," if at all. We fund corporations by buying their products and voting for candidates they support. We aren't forced into doing either
Re:Who do we like today? (Score:2)
The supplied link goes to an error page. What's up with that? Anybody have a link to the correct page?
Re:Who do we like today? (Score:2)
IBM is one of the few companies that I don't mind holding patents, at least for now. Their method for enforcing patents is waiting to get sued by someone and then busting out a nice portfolio of patents the other people are infringing on and saying, "Let's call this a day, shall we?"
As long as they keep doing that, them patenting everything is better than Amazon or countless others.
Just make an opinion check (Score:5, Funny)
Companies:
SCO: DC 30
IBM: DC 10
Microsoft: DC 20
Amazon: DC 15
MPAA / RIAA: DC 30
Apple (If you use Macs): DC 5
Apple (otherwise) : DC 15
RedHat: DC 5
Disney: DC 15
US Government: DC 20
Other Government: DC 10
Modifiers:
Is switching to linux: -20
Is switching from linux: +15
Is going after Microsoft: -10
_____ vs. SCO : -20
Files a BS patent: +10
Is being investigated by the US government for anti-trust or Fraud: -5
In this case, we have IBM, a DC 10 check. We add a +10 Filing BS patent modifier, and we realize that we'll have to roll a natural 20 to make this check. I rolled a 18, so while I come close to supporting them, I just can't and decide to waste a bunch of my time making these charts instead.
Re:Just make an opinion check (Score:2)
Apple (otherwise) : DC 15
Modifiers:
Is switching to linux: -20
Is switching from linux: +15
Is going after Microsoft: -10
_____ vs. SCO : -20
Files a BS patent: +10
Is being investigated by the US government for anti-trust or Fraud: -5"
Makes crappy computers that break a lot: +50
Okay... I have Apple, a DC 5 check. They're not really going to or from Linux. They make OpenFirmware computers and support many of the same APIs, so we'll give them the -20 anyway. They're pretty
Re:Who do we like today? (Score:2)
I'm afraid the "securing" part lies in enforcement...
Re:Who do we like today? (Score:2)
The "securing" part may also lie in "not allowing someone to get the same patent and sue us", and this is something IBM has done for a while.
Not the worst practical approach to the problem in a place and time where such patents are allowed; the problem is that it isn't easy for us to trust $BIG_CORP not to change approach some day.
ah crap... (Score:2, Redundant)
Re:ah crap... (Score:2)
There's nothing evil about applying for frivolous patents. If the USPTO is stupid enough to grant such patents (and we all know it is), go for it.
What's evil, however, is enforcing such patents. But there is another side to the same coin - if enough idiotic patents are enforced, perhaps, just perhaps, people will start seeing that the system doesn't make any sense. And when the patents are used to attack annoying companies like SCO, all the better.
Re:ah crap... (Score:2)
Your second link is a lot more relevant to the story. Is Fritz Teufel related to Erwin Teufel? Erwin Teufel is the head of the ruling party in Baden-Wuerttemberg - the state where IBM
Re:ah crap... (Score:2)
Yes, I know what 'Teufel' means, my homepage's domain should have made that clear.
Novell (Score:5, Insightful)
Re:Novell (Score:3, Informative)
Yet Another Uninformed Patent Story (Score:5, Insightful)
Also try to remember that a patent is for a specific implementation of an invention and does not cover the general idea of the invention itself. If this were granted it would be possible to come up with your own implementation for password management and not be infringing on the patent.
Re:Yet Another Uninformed Patent Story (Score:2)
Not to mention that this is merely a patent application which could claim the sun, moon and stars as a starting point for negotiations as to what the issued patent would cover.
Comment removed (Score:5, Informative)
Re:Yet Another Uninformed Patent Story (Score:2)
Wrong: a patent is precisely for protection of an idea. A patent application contains a detailed description of the "preferred embodiment" of said invention, but the key word is preferred. Other embodiments that perform the same thing are still violations if the claims are broad enough. If the patent contains a claim that covers a system that uses a master pass
Re:Yet Another Uninformed Patent Story (Score:3, Insightful)
For example, here the general idea is password management. If this patent were granted
Re:Yet Another Uninformed Patent Story (Score:3, Interesting)
Again, it depends on how broad the claim is. If you got a patent on a steam engine that contained a broad claim about converting steam into mechanical motion, then whether you generate steam by burning wood or coal or whatever, or move up/down or back/forward along rails, is irrelevant: you are in violation. The job of a patent attorney is to get the broadest claims possible to cover as much as possible, including methods
Re:Yet Another Uninformed Patent Story (Score:3, Insightful)
You can't write claims which leave out important steps or parts in the invention you are trying to patent. In the above example the claim would have to have a part about some manner of transition between
Re:Yet Another Uninformed Patent Story (Score:2)
Re:Yet Another Uninformed Patent Story (Score:3, Interesting)
Re:Yet Another Uninformed Patent Story (Score:2)
Re:Yet Another Uninformed Patent Story (Score:2)
Claims:
[..] A computer-implemented method for procuring legal services, comprising: receiving a service request including information reflecting a type of legal service; determining from a set of service providers a select group of service providers capable of satisfying the service request based on stored information associated with the set of service providers, the stored informa
Bruce Schneier did this a long time ago (Score:4, Informative)
Re:Bruce Schneier did this a long time ago (Score:2, Informative)
I'm not so sure, but then I haven't read the claims (and won't bother either). Password Safe though, is available here [sourceforge.net].
I just wish someone would implement a treeview instead of a list.
Not necessarily bad... (Score:5, Interesting)
Said another way, IBM having the patent just prevents some VC-backed cyber squatter from patenting the idea and then demanding royalties from everyone under the sun.
Re:Not necessarily bad... (Score:2)
Unless you piss them off, then they let the lawyers loose like they're doing to SCO.
Re:Not necessarily bad... (Score:2)
Time to fight not rationalize the harm. (Score:2)
Or you could work to inform people about the problem with so-called software patents thus helping them understand why nobody should have them.
Just because you may avoid an infringement lawsuit doesn't mean you are being helped. Cros
More prior art at Bell-Labs - 2002 (Score:5, Informative)
The Fourth Edition of Plan 9 includes a substantially reworked security architecture, described in the USENIX Security 2002 conference paper [html [bell-labs.com], ps, pdf] by Russ Cox, Eric Grosse, Rob Pike, Dave Presotto, and Sean Quinlan.
One particular aspect that other operating systems may wish to adopt is our single-signon solution. A process called factotum is used to hold credentials like passwords and public/private keypairs and perform cryptographic operations. Factotum allows clients to speak a variety of cryptographic protocols and therefore legacy application servers can participate in our single-signon system without change and without even knowing it exists.
The factotum has no direct permanent storage, but rather fetches credentials at startup from a secstore server on the network. To authenticate safely with the secstore, Password Authenticated Key-exchange is used; this implies that the user just has to remember and type one password and passive eavesdroppers or even active malicious intermediaries can not launch even a dictionary attack against the system. The credentials are encrypted for storage on secstore, so even an administrator there would have difficulty reading them.
factotum (Score:2)
took off.
Responsibility (Score:5, Funny)
STOP! STOP! (Score:3, Funny)
The innovation is killing me!
[/sarcasm]
Re:STOP! STOP! (Score:2, Offtopic)
Second, it's not that difficult to devise a scheme that will allow for editing, but deal with the karma whores. For example: allow the editing of a post for only the first 10 minutes after posting. Second, any changes to the post result in a forfeiture of any moderation received up to that point, unless the moderation is negative.
Interestingly, comments rarely
Useful reminder (Score:3, Insightful)
read more carefully (Score:4, Informative)
A password field pops up in an application. Their software pops up a dialog right over top, and asks you for the master password. It then finds your password and fills in the box.
Visually, it makes more sense.
It's called a defense (Score:2)
I am sure MS wish they would have filed for a patent for extending their own browser. I would not doubt that it never occurred to them that such an obvious next step was patentable.
prior art - SASL and Kerberos? (Score:2)
Maybe not so bad (Score:2)
Of course if they enforce it I'll be pissed
Better IBM than the bad evil one. (Score:2)
Whether or not we like patents it is rather nice having the company with the most patents in the industry on our side.
And I don't think IBM is ev
This seems to fit a pattern... (Score:4, Informative)
They seem to include such revolutionary ideas as scroll bars [uspto.gov] and window resizing [uspto.gov]
Read the claims... (Score:4, Informative)
Points 10 - 13 explain what it is they are 'inventing' that is different from existing schemes. They list IE's auto complete, and say it has a failing in that anyone using the computer can autocomplete the form (thus it is not very secure), they mention quicken having a very similar method of requiring one master password to complete any password dialog, but say that it is not ideal because the API is closed for quicken's exclusive use.
The crux of their solution is that they want to make a generic API that allows their 'invention' to provide a password where requested to any application, browser window or similar.
Of course, as other people have already pointed out, this too has already been done. Novell's single-signon pops to my mind, and I'm sure a lot of other people have done this as well.
you're missing the point (Score:2, Insightful)
Does it have prior art? I really don't know. Is it a silly patent? You bet. But thanks to its patent portfolio, IBM can beat up SCO and hold Microsoft at bay. Until software patents are abolished, companies need to keep applying for this kind of stuff.
Re:you're missing the point (Score:2)
Apple's Keychain doesn't work that way, however. It handles the login/password seamlessly behind-the-scenes so that once you've entered a login and password (and confirm that Keychain should handle it in the future) the login happens without presenting the user with a l
Re:you're missing the point (Score:2)
Sure it does: at some point, in some application, it popped up a dialog box asking you to authorize it; it's just that you told it to remember.
so that once you've entered a login and password (and confirm that Keychain should handle it in the future) the login happens without presenting the user with a login panel at all.
You say that as if it's a good thing.
However different the UI implementation is, it seems to me that the basic concept is the same an
Re:you're missing the point (Score:2)
In this case, because the Keychain would appear to be a well-known piece of prior art, which would make it unpatentable (at least by IBM). Whether Apple was first or in the middle is irrelevant to the instant case (as long as it was before IBM
People like to drag Apple into lots of things because even if they didn't invent something, or w
It's okay people.... (Score:3, Interesting)
Re:It's okay people.... (Score:2, Insightful)
Dontcha love Gator? (Score:2, Funny)
Here's what it really is (Score:5, Informative)
This is merely a PUBLISHED PATENT APPLICATION, not a PATENT. There is no indication that the application has as yet been examined. The most that can be said is that IBM has asked to patent what is claimed. Whether it will be allowed, amended, etc., remains to be seen. Anyway, this is claim 1, which is representative of what IBM is going after in this patent:
1. A method within a computing platform of graphically providing a secure field value retrieval and entry, wherein said computing platform includes a display device, a field activation device and a user selection device, said method comprising: displaying a user dialogue to receive a master key value from a user responsive to activation of a field; receiving a computing context indicator regarding the context of said activated field; determining said master key value is a correct master key value; retrieving a field value from a secure field value store which is associated with said computing context, said activated field and a user identification; and automatically entering said retrieved field value into said activated field.
Maybe the examiner will find the good prior art, or maybe even IBM will be good enough to cite it themselves. In any event, what would be NICE, rather than relying merely on the effectiveness of the examiner and the bona fides of the applicant, would be a mechanism to take comments from the public on pending patent applications after they are published and after (or maybe even before) they are examined. This is (more or less) how it works in most other countries (it's called "opposition"), and variations of this approach have been suggested many times in this country and repeatedly shot down or watered down to the point of being useless. Now the Federal Trade Commission is jumping on this as well (it is one of their recent suggestions), but it will probably get nowhere because the small inventor lobby (decidedly NOT the IBMs of the world) is too strong.
IBM, as some other poster has pointed out, has been pretty much a model citizen in the patent world.
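Added example, not part of the comment above and not IBM's implementation: a minimal Python sketch of the steps recited in claim 1 (check the master key, take a context indicator, retrieve the value bound to that user, context and field). The `Wallet` class, its method names, the PBKDF2 iteration count and the HMAC-based stand-in cipher are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor (assumed value for this sketch)


def derive_keys(master_key: str, salt: bytes):
    """Stretch the master key into separate encryption and MAC keys."""
    okm = hashlib.pbkdf2_hmac("sha256", master_key.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in cipher: HMAC-SHA256 in counter mode, used only so the example
    # needs no third-party package. Use a vetted AEAD (e.g. AES-GCM) in practice.
    blocks = [
        hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        for counter in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def slot_id(user: str, context: str, field: str) -> bytes:
    """Length-prefixed (user, context, field) triple; also the MAC's associated data."""
    parts = [p.encode() for p in (user, context, field)]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


class Wallet:
    def __init__(self, master_key: str):
        self.salt = os.urandom(16)
        _, mac_key = derive_keys(master_key, self.salt)
        # Verifier lets a wrong master key be rejected before any entry is touched.
        self.verifier = hmac.new(mac_key, b"wallet-verifier", hashlib.sha256).digest()
        self.entries = {}  # slot bytes -> (nonce, ciphertext, tag)

    def _unlock(self, master_key: str):
        enc_key, mac_key = derive_keys(master_key, self.salt)
        check = hmac.new(mac_key, b"wallet-verifier", hashlib.sha256).digest()
        if not hmac.compare_digest(check, self.verifier):
            raise PermissionError("wrong master key")
        return enc_key, mac_key

    def store(self, master_key: str, user: str, context: str, field: str, value: str):
        enc_key, mac_key = self._unlock(master_key)
        slot, nonce = slot_id(user, context, field), os.urandom(16)
        data = value.encode()
        ct = bytes(a ^ b for a, b in zip(data, keystream(enc_key, nonce, len(data))))
        # The tag covers the slot, so a ciphertext copied to another context fails.
        tag = hmac.new(mac_key, slot + nonce + ct, hashlib.sha256).digest()
        self.entries[slot] = (nonce, ct, tag)

    def fill(self, master_key: str, user: str, context: str, field: str) -> str:
        """Return the value for an activated field, or raise."""
        enc_key, mac_key = self._unlock(master_key)
        slot = slot_id(user, context, field)
        if slot not in self.entries:
            raise KeyError("no entry for this user/context/field")
        nonce, ct, tag = self.entries[slot]
        expected = hmac.new(mac_key, slot + nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("entry failed integrity check")
        return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct)))).decode()
```

Because the context is part of both the lookup key and the authenticated data, a stored value is released only to the exact user, context and field it was saved for.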
Re:Here's what it really is (Score:2)
Gator? (Score:3, Funny)
How to get richer: (Score:2, Funny)
1. Steal someone's unpatented invention
2. Patent it yourself
3. Get patent granted...It's easy to do! After all, the patent office is so clueless they would probably issue a patent for: "Brown 25 Organic Lubricant" (see: "The Kentucky Fried Movie") these days.
4. ????
5. Profit!
Re:Prior Art (Score:2, Insightful)
While I don't believe this is patent worthy, the whole idea of a password wallet/keyring/etc would be much better than what many office workers do -- "hide" their passwords and usernames on a piece of paper that is right under their keyboard.
-CPM
Re:KeyChain (Score:2, Informative)
And an article Sep 27th, 1993 [tidbits.com] talks about PowerTalk's upcoming release. So yeah, good luck with that patent IBM.
Re:quit crying (Score:2)
Re:patent reviewing (Score:2)
Re:Apple's KeyChain anyone? (Score:2)
Re:Apple's KeyChain anyone? (Score:2)
Yours,
Jordan Dea-Mattson