Slashdot Mirror


IBM Applies for Password Manager Patent

An anonymous reader writes "As of August 21, IBM has applied for a patent on "A convenient and secure system and method for access to any number of password-protected computer applications, web sites and forms without adding to the user cognitive load and without circumventing the inherent security of such password-protection schemes. An existing password field on a device display is overlaid with password wallet pop-up field which allows a wallet "master" key to unlock the wallet. An application-specific and/or user-specific password is automatically retrieved from the wallet and entered into the password field with no other user action required." This isn't much different from Mozilla's "Master Password"."

12 of 247 comments

  1. Prior art by Motherfucking+Shit · · Score: 5, Insightful
    This isn't much different from Mozilla's "Master Password".
    Or from Apple's "Keychain." Or even from Gator, for that matter...
    --
    "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
    1. Re:Prior art by noda132 · · Score: 5, Funny

      And Microsoft's Passport thing? Isn't it meant to include that functionality as well?

      No, read the story again. It distinctly says, "a convenient and secure system" (emphasis added).

    2. Re:Prior art by zieroh · · Score: 5, Informative

      This "fact", while oft-repeated, is unfortunately completely untrue. The patent office may not do a stellar job of investigating for prior art, but technically any prior art, patented or not, counts.

      Please stop repeating this falsehood.

      --
      People who say "sheeple" have about as much sophistication as an AOL user, and in fact are probably actually AOL users.
  2. Who do we like today? by Anonymous Coward · · Score: 5, Funny

    SCO story... YAY IBM

    Patent story... BOO IBM

    do we like Apple today too? or is this an anti apple day? it's hard to keep up

    1. Re:Who do we like today? by bug-eyed+monster · · Score: 5, Insightful

      I would say...

      SCO Story... BOO SCO and the American judicial system for allowing this farce to go on for so long

      Patent Story... BOO USPTO for allowing American corporations to behave like this.

      Generally.. Boo the American government for giving corporations so much power.

  3. Novell by jrwillis · · Score: 5, Insightful

    This is also seen in Novell's "Secure Sign-on".

    --
    Keep Austin Weird!
  4. Yet Another Uninformed Patent Story by servoled · · Score: 5, Insightful

    Please try to remember that the abstract of a patent doesn't mean a single thing legally. It is just a short summary of the invention, nothing more. The claims are the only part of the patent that has any legal power, and since the poster failed to actually link to the patent or give us the patent number it is hard to say what this patent would cover.

    Also try to remember that a patent is for a specific implementation of an invention and does not cover the general idea of the invention itself. If this were granted it would be possible to come up with your own implementation for password management and not be infringing on the patent.

    --
    "I have a porkchop, you have a porkchop. I have a veal, you have a veal".
  5. Not necessarily bad... by PoiBoy · · Score: 5, Interesting
    Think of it this way. You could have IBM apply for this patent, or you could have some less scrupulous company. For all intents and purposes, IBM will never make a penny from this patent. Moreover, IBM is more likely to allow others to use this technology without filing patent infringement suits than some other company like amazon.com with its one-click shopping.

    Said another way, IBM having the patent just prevents some VC-backed cyber squatter from patenting the idea and then demanding royalties from everyone under the sun.

    --
    Sig (appended to the end of comments you post, 120 chars)
  6. More prior art at Bell-Labs - 2002 by DrSkwid · · Score: 5, Informative

    http://plan9.bell-labs.com/sys/doc/auth.html

    The Fourth Edition of Plan 9 includes a substantially reworked security architecture, described in the USENIX Security 2002 conference paper [html, ps, pdf] by Russ Cox, Eric Grosse, Rob Pike, Dave Presotto, and Sean Quinlan.

    One particular aspect that other operating systems may wish to adopt is our single-signon solution. A process called factotum is used to hold credentials like passwords and public/private keypairs and perform cryptographic operations. Factotum allows clients to speak a variety of cryptographic protocols and therefore legacy application servers can participate in our single-signon system without change and without even knowing it exists.

    The factotum has no direct permanent storage, but rather fetches credentials at startup from a secstore server on the network. To authenticate safely with the secstore, Password Authenticated Key-exchange is used; this implies that the user just has to remember and type one password and passive eavesdroppers or even active malicious intermediaries cannot launch even a dictionary attack against the system. The credentials are encrypted for storage on secstore, so even an administrator there would have difficulty reading them.

    --
    There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
  7. Responsibility by Anonymous Coward · · Score: 5, Funny

    The person who allowed the patent at the patent office should personally be responsible for any prior art they find afterwards. This person should be obligated to eat a copy of all specifications of prior art available. Either they would learn to appreciate and to digest cellulose or they would take a closer look at the papers they sign.

  8. Just make an opinion check by Lord_Slepnir · · Score: 5, Funny
    Here's how you do it: First, select which company it is from the first chart. Then apply any of the modifiers from the second chart. Roll a d20. If you can beat that DC, then we like that company. If you fail, you hate that company.

    Companies:
    SCO: DC 30
    IBM: DC 10
    Microsoft: DC 20
    Amazon: DC 15
    MPAA / RIAA: DC 30
    Apple (If you use Macs): DC 5
    Apple (otherwise) : DC 15
    RedHat: DC 5
    Disney: DC 15
    US Government: DC 20
    Other Government: DC 10


    Modifiers:
    Is switching to linux: -20
    Is switching from linux: +15
    Is going after Microsoft: -10
    _____ vs. SCO : -20
    Files a BS patent: +10
    Is being investigated by the US government for anti-trust or Fraud: -5

    In this case, we have IBM, a DC 10 check. We add a +10 Filing BS patent modifier, and we realize that we'll have to roll a natural 20 to make this check. I rolled an 18, so while I come close to supporting them, I just can't and decide to waste a bunch of my time making these charts instead.

  9. Actually read the claims... by RevMike · · Score: 5, Informative

    If you actually read the patent application, you'll see that they are patenting something much more narrow than you think.

    IBM is attempting to patent a UI hack that will detect a signon request from a website or other application, and superimpose their master signon dialog. They are NOT attempting to patent the ideas that are covered by Keychain or Mozilla's autofill. By superimposing their own "widget" exactly where the application specific logon would be, this master signon system preserves the flow of the application UI.

    By comparison, the Keychain and autofill solutions can be more intrusive, and can be less secure. IBM's master signon would be entered every time I need to signon. I'd only need to remember one password. By comparison, Keychain and autofill don't require one to log into each application. An office worker can walk away from their desk without locking their screen saver and someone can use their accounts.
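
The per-sign-on versus unlock-once trade-off raised in the last comment, as an added example that is not part of the thread or of IBM's application: a wallet that keeps each password encrypted under a key derived from the master password. The `Wallet` class, `cache_seconds` and the other names are hypothetical, and the HMAC-based keystream is a stand-in for a vetted AEAD so the block runs on the Python standard library alone.

```python
import hashlib, hmac, os, time

def derive(master, salt):
    # 64 bytes: the first half encrypts, the second half authenticates.
    return hashlib.pbkdf2_hmac("sha256", master.encode(), salt, 200_000, dklen=64)

def xor_stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 in counter mode), used only to stay within
    # the standard library; a real wallet would use a vetted AEAD instead.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class Wallet:
    def __init__(self, cache_seconds=0):
        self.salt = os.urandom(16)
        self.cache_seconds = cache_seconds   # 0: master key required per sign-on
        self.entries = {}                    # site -> (nonce, ciphertext, tag)
        self._cached = None                  # (key, expiry) while unlocked

    def _tag(self, key, site, nonce, ct):
        return hmac.new(key[32:], site.encode() + b"\0" + nonce + ct,
                        hashlib.sha256).digest()

    def store(self, master, site, password):
        key, nonce = derive(master, self.salt), os.urandom(16)
        ct = xor_stream(key[:32], nonce, password.encode())
        self.entries[site] = (nonce, ct, self._tag(key, site, nonce, ct))

    def fetch(self, site, master=None, now=None):
        now = time.monotonic() if now is None else now
        if master is not None:
            key = derive(master, self.salt)
        elif self._cached and now < self._cached[1]:
            key = self._cached[0]            # unlock-once window is still open
        else:
            raise PermissionError("wallet locked: master key required")
        nonce, ct, tag = self.entries[site]
        if not hmac.compare_digest(tag, self._tag(key, site, nonce, ct)):
            raise PermissionError("wrong master key")
        if master is not None and self.cache_seconds:
            self._cached = (key, now + self.cache_seconds)
        return xor_stream(key[:32], nonce, ct).decode()
```

With `cache_seconds=0` every `fetch` needs the master password; with a non-zero value, anyone at the keyboard can call `fetch` without it until the window expires, which is the walk-away exposure the comment describes.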