Slashdot Mirror

← Back to Stories (view on slashdot.org)

IBM Applies for Password Manager Patent

Posted by CmdrTaco on from the isn't-that-special dept.

An anonymous reader writes "As of August 21, IBM has applied for a patent on "A convenient and secure system and method for access to any number of password-protected computer applications, web sites and forms without adding to the user cognitive load and without circumventing the inherent security of such password-protection schemes. An existing password field on a device display is overlaid with password wallet pop-up field which allows a wallet "master" key to unlock the wallet. An application-specific and/or user-specific password is automatically retrieved from the wallet and entered into the password field with no other user action required." This isn't much different from Mozilla's "Master Password"."

6 of 247 comments (clear)

  1. Not necessarily bad... by PoiBoy · · Score: 5, Interesting
    Think of it this way. You could have IBM apply for this patent, or you could have some less scrupulous company. For all intents and purposes, IBM will never make a penny from this patent. Moreover, IBM is more likely to allow others to use this technology without filing patent infringement suits than some other company like amazon.com with its one-click shopping.

    Said another way, IBM having the patent just prevents some VC-backed cyber squatter patent the idea and then demand royalties from everyone under the sun.

    --
    Sig (appended to the end of comments you post, 120 chars)
  2. Re:Prior art by the+eric+conspiracy · · Score: 4, Interesting

    the only thing the USPTO considers as prior art are previous patents, until the said patent challenged in the courts.

    Not true at all. The USPTO does dog food as a preference, but if you try to patent something and include references to scientific literature in the patent, it is quite likely that the examiner will turn around and use those references against you.

  3. Re:Yet Another Uninformed Patent Story by pauljlucas · · Score: 2, Interesting
    However, the claims themselves do not cover the general idea as I originally said.
    Again, it depends on how broad the claim is. If you got a patent on a steam engine that contained a broad claim about converting steam into mechanical motion, then whether you generate steam by burning wood or coal or whatever, or move up/down or back/forward along rails, is irrelevant: you are in violation. The job of a patent attorney is to get the broadest claims possible to cover as much as possible, including methods and other inventions that don't currently exist.
    For example, here the general idea is password management.
    Well if you want to go crazy with generality, the general idea is security: passwords are just one method for providing security. No, the least-general "general idea" is using one master password to provide access to others so users only have to remember one password. If you invent something else that does that, you are in violation.
    --
    If you reply, do so only to what I explicitly wrote. If I didn't write it, don't assume or infer it.
  4. It's okay people.... by herrvinny · · Score: 3, Interesting

    Don't start slapping IBM and putting on your tinfoil hats people. If IBM doesn't patent this, chances are someone else will, and then sue IBM. Yes, it might be the most obvious thing in the world, and I hate myself for not applying for this patent myself, but in the hands of IBM, it's more or less safe. IBM's not going to sue anyone unless they start spewing FUD like SCO. Hell, I'd prefer this patent in the hands of MS than in anybody SCO-like. Say what you want about MS, but they have tons of patents as well, but they're very lax about enforcing them. Better a patent with IBM/MS than with someone like SCO or Eolas.

  5. Re:Yet Another Uninformed Patent Story by iabervon · · Score: 2, Interesting

    The outline of the idea, however, is as given in the claims, which need to be sufficiently specific to allow a working implementation to be produced based on the description. This is because the point of the patent office is to make the techniques necessary to make an invention work commonly known (patens), as the price of giving the inventor the right to limit implementations of the techniques. This is to contrast with trade secrets, where the inventor gets no protection from the law, but does not have to reveal the technique.

    Chances are that IBM has some innovation here, and isn't claiming the master password idea (which has been used for decades), but some refinement on it. Of course, they're probably not going to reveal what the innovation is just yet, since they aren't supposed to. (One of the issues with the patent which applied to GIF was that the technique had been published by the inventor for more than a year before the patent application was submitted.) There are, of course, plenty of issues with current master password systems, any of which IBM might have found a way to overcome, and this method would then be patentable.

  6. Re:Actually read the claims... by femto · · Score: 3, Interesting
    Sounds like a Trojan Horse to me.

    So the user thinks they are typing their password into site XYZ's mega secure web site, when they are actually typing it into IBM's not so secure widget? What are the consequences when this 'password widget' gets cracked? The user is not aware of even the possibility of a crack because they are not aware the widget exists.

    Not to mention the possibilities for a virus/worm installing its own version of a 'password widget', which the user will again not be aware of.