TiVo Awarded Patent For Password You Can't Hack

← Back to Stories (view on slashdot.org)

TiVo Awarded Patent For Password You Can't Hack

Posted by Zonk on Saturday May 12, 2007 @12:47PM from the un-hack-able dept.

Davis Freeberg writes "TiVo has always been known for thinking outside of the box, but this week they were awarded an unusual patent related to locking down content on their hard drives. According to the patent, they've invented a way to create password security that is so tough, it would take you longer than the life of a hard drive in order to figure it out. They could be using this technology to prevent the sharing of content or it could be related to their advertising or guide data, but if their encryption technology is really that good, it's an interesting solution for solving the problem of securing networks."

25 of 291 comments (clear)

Min score:

Reason:

Sort:

A really long one? by loftwyr · 2007-05-12 12:53 · Score: 3, Insightful

So it's like a really character password with random characters and punctuation and stuff?

That doesn't sound like it would be worth a patent.

Then again, it might be more interesting and have non-typeable characters...

Or maybe just "Joshua"
longer than the life of a hard drive in order .... by frovingslosh · 2007-05-12 12:58 · Score: 4, Insightful

Wasn't about the same thing said for the DVD protection system? All security systems like this fall apart when the user had the device being hacked in his hands.
And what if it's a WD drive they are talking about? The life of those is so low they had to drop their warranty to 1 year because they admitted 3 years would put them out of business. (The reason I only use Segate 5 year warranty drives).

--
I'm an American. I love this country and the freedoms that we used to have.
Re:So.... by Anonymous Coward · 2007-05-12 13:00 · Score: 5, Insightful

I want to know if the patent is invalidated when it's broken.

(ie: does making outlandish and incorrect claims in a patent invalidate it?)
Re:So.... by rob1980 · 2007-05-12 13:01 · Score: 5, Insightful

No shit. The second your product gets into a consumer's home, its "unhackable" status vanishes.
Yet another reason not to get a Series3 TiVo by Mr2001 · 2007-05-12 13:02 · Score: 4, Insightful

I have two Series2 units and I love them. But there's no way in hell I'd spend PS3-level prices on a Series3 recorder, especially with the lack of TivoToGo and now this bullshit.

Look, if I buy a device that has a hard drive in it, that hard drive is mine. The data on it is mine. If you don't want me to access it from the "wrong" host, maybe you shouldn't have sold it in the first place. You can have all the control you want over that hard drive while it's gathering dust in your warehouse.

--
Visual IRC: Fast. Powerful. Free.
1. Re:Yet another reason not to get a Series3 TiVo by tlhIngan · 2007-05-12 16:02 · Score: 2, Insightful
  
  I have two Series2 units and I love them. But there's no way in hell I'd spend PS3-level prices on a Series3 recorder, especially with the lack of TivoToGo and now this bullshit.
  
  Look, if I buy a device that has a hard drive in it, that hard drive is mine. The data on it is mine. If you don't want me to access it from the "wrong" host, maybe you shouldn't have sold it in the first place. You can have all the control you want over that hard drive while it's gathering dust in your warehouse.
  
  The blame for that doesn't go with TiVo, but with CableLabs. You see, either the Series 3 TiVo cannot receive high-def cable at all using CableCARDs, (in which case, well, you might as well stick with a tried and true series 2), or you have to agree to the rather onerous terms of the CableLabs license to use CableCARD. And part of the CableLabs agreement involves stuff like what TiVoToGo does.
  
  Heck, only recently have Series 3 TiVos had their eSATA ports turned on. Part of this is where the CableLabs agreement was modified to allow external storage of CableCARD protected media, provided said media was encrypted (I'm sure TiVo was the primary cause of this change). In fact, it's possibly the reason why TiVO got this patent - the encryption is for the external eSATA disk.
  
  That's probably why if you can stand it, your cable company's HD box can output via Firewire - its not bound by the CableLabs agreement since the cable company wants you to rent their boxes. And would prefer to lock you into those boxes, rather than letting outsiders mess with their locked-up cable signal. It's the only reason CableCARD is around - the FCC demanded a way for people to get access to encrypted cable signals without needing a special cable box to do it. (And many cable companies are trying to make CableCARDs as inconvenient to get as possible.)
  
  Also why development of CableCARDs has been slow. Cable companies want to control everything - the menu you see, the guide, the layout of graphics, etc (and the ads in the cable menus). TiVo conveniently skips all that crap and uses its own interface.
  
  Cable companies would prefer to have everything locked up and under their control, much like cellular carriers. Unlike cellular carriers, there often isn't competition about it. Heck, in Canada, my cable company (Shaw) does not carry CableCARDs because the current revision won't let them have their crappy UI, and support pay-per-view or other "enhanced" (i.e, pay to use) features, just receive their digital cable and high-def cable service. (Of course, they don't have to, but it would be nice. I'd buy a series 3 TiVo in an instant if they did, instead of going without and thus losing the potential subscription revenue.)
Why so much effort by pembo13 · 2007-05-12 13:04 · Score: 2, Insightful

... to work against the consumer?

--
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
1. Re:Why so much effort by houghi · 2007-05-12 19:05 · Score: 3, Insightful
  
  because the consumer is not their customer.
  
  --
  Don't fight for your country, if your country does not fight for you.
Re:And the password is... by Aoreias · 2007-05-12 13:14 · Score: 1, Insightful

If you're going to base64 encode it, just do it right and encode the bytes themselves. CfkRAp1041vYQVbFY1aIwA==

--
We've upped our standards. Up yours.
can we get the old hahaha tag now by zappepcs · 2007-05-12 13:18 · Score: 4, Insightful

I love it when someone says that 'x' can't be done.... that is sure to bring on the people that show it can be done

--
Support NYCountryLawyer RIAA vs People
1. Re:can we get the old hahaha tag now by El_Oscuro · 2007-05-12 14:01 · Score: 2, Insightful
  
  Larry Ellison once said of Oracle "can't break it, can't break in". From a security view, Oracle then was a total POS. Even worse than Windows - the worst was 9i release 1. Now, it is a little better as long as you are running 10g R2. If you are running any earlier version of Oracle, upgrade now before your databases are 0wn3d. Better yet, secure them behind firewalls from your corporate intranet. I think Larry used the quote to get some free R&D from the hackers. Now, they can't use any sales pitch to our organization with the work "break" in it without getting laughed out of our building.
  
  Anyway, now they are calling their version of Linux "Unbreakable". All they did was put their logos on Redhat EL4. At least they could have added a configuration option for running an Oracle database
  
  --
  "Be grateful for what you have. You may never know when you may lose it."
Re:I've done this before just for fun. by CedgeS · 2007-05-12 13:24 · Score: 4, Insightful

Essentially they are claiming: Using a wire-secure challenge system between a hard drive and a host.

In the text they mention prior art of both:
1. Using a challenge system between a hard drive and a host
2. a wire-secure challenge system

Even if no one has ever put cryptographic functions into a hard drive (I'd be surprised) virtually every cryptography paper talks about all of the communications in the only meaningful terms, abstract ones, implying in a way obvious to non-experts that it can be used between any equipment.

This, like many other bad patents, is at best a land-grab for a specific piece of territory so well discovered, mapped, and understood that claiming a portion of it is just ridiculous.
The patent that will never reach courts. by DrYak · 2007-05-12 13:30 · Score: 4, Insightful

"Unhackable" passwords ?!?

At least you know nobody is going to get sued over this one. Ever.

--
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
What good...? by Torodung · 2007-05-12 13:40 · Score: 2, Insightful

...is a message in a HERMETICALLY SEALED bottle?

Imagine what the historians and archaeologists are going to do with these doorstops. The quest for perfect data security is beginning to sound an awful lot like the final pages of _Fahrenheit 451_.

--
Toro
Re:Sure, uncrackable like every uncrackable code by bluefoxlucid · 2007-05-12 13:50 · Score: 2, Insightful

A cryptography chip is software, in the same way a Super Nintendo ROM is software. This software happens to be implemented in a different physical manner, but it still performs a set of logical operations.

--
Support my political activism on Patreon.
Cryptographic Challenge-Response Authentication? by dircha · 2007-05-12 14:01 · Score: 3, Insightful

"The information can only be accessed by a host if the host can respond to random challenges asked by the disk drive. The host's responses are generated using a cryptography chip processing a specific algorithm. This technique allows the disk drive and the host to communicate using a coded security system where attempts to break the code and choose the correct password take longer to learn than the useful life of the disk drive itself."

In what novel way - or any way for that matter - does this differ from standard cryptographic challenge-response authentication? I mean, maybe they are using an extremely long generated series of psuedorandom keys, secrets, responses, or all 3 but I don't see how that is novel. Or perhaps incorrect responses result in the disk controller becoming non-responsive for a short period to increase the time required to exhaust the series, but that isn't novel either.

Any ideas?
How is this news? by Sycraft-fu · 2007-05-12 14:02 · Score: 5, Insightful

It's not like good crypto is hard to come by. I mean if I pick a good password with AES you aren't cracking that in your lifetime, much less the life of a harddrive. The problem isn't a good password, the problem is that DRM tries to use crypto for something it isn't made for. Crypto is about keeping out non trusted parties. That's how SSH works. You have the key, the server has the key and thus only you and the server can decrypt the traffic. Anyone else can capture everything if they want, and they are going to get all of nowhere with it.

The problem with DRM is that the person who is the recipient is also one of the people they want to keep out. This creates a problem: To decrypt the message (by message I mean whatever they are giving you, video, song, game, whatever) you have to give them the key. However, if they have the key, well then they can decrypt it and do what they want with it.

This leads to all the tricky, and ineffective, stuff we see these days. They try to hide the key so that only the device can find it and you can't get at it. Well that just don't work. It can make it so it isn't as simple as just copying a disk, but as we've seen with the AACS break, you can't hide that shit from a determined attacker. The key IS on there, it CAN be found.

So I don't care how good their password scheme is. AES-256 with a 64 character password is good enough to last until the sun goes dark (or at least until quantum computing becomes a reality) but that doesn't buy you anything if you have to hand out the key as part of your scheme as is required by DRM.
Re:Read the patent... by CedgeS · 2007-05-12 14:04 · Score: 2, Insightful

Yes. It's also possible, and probably cheaper (in the long run) to queue up the video you want to rip and sniff the wires coming out of the drive. If the data on the drive was actually encrypted it would require no special mechanism in the drive to protect it. The host that accesses it either has the secret and thus the authentication to decrypt it, or it doesn't.
Re:Cryptographic Challenge-Response Authentication by CedgeS · 2007-05-12 14:12 · Score: 2, Insightful

There's nothing novel here. This differs by the no-longer novel method of making a patent claim by asserting that you have "invented" using someone else's broad and univerally applicable method in a specific instance.
Re:So.... by gregarei · 2007-05-12 14:18 · Score: 2, Insightful

Now, nobody mess this one up like HDDVD and release a crack until a substantial amount of media has been released on the platform.
Re:So.... by Dun+Malg · 2007-05-12 15:18 · Score: 4, Insightful

Tivo loses because the person says they couldn't have broken the tivo code because the code is unbreakable, if they did, then Tivo loses the patent. Don't be daft. The vague boasts in the patent abstract are irrelevant to the validity of the patent. You could claim in the abstract that your patented method will grant the user perpetual happiness. All that's relevant to the validity are the claims, and those are purely descriptive of function.

--
If a job's not worth doing, it's not worth doing right.
Re:slashdot is just plain immoral by dgatwood · 2007-05-12 15:22 · Score: 2, Insightful

It has nothing to do with copy protection. You don't honestly think TiVo gives a rat's ass about copy protection, do you? They care exactly as much as is necessary to keep from getting sued. The Series 1 was probably sufficient. No, the new anti-consumer trend in TiVo has nothing to do with copy protection and everything to do with upgrade prevention.

Every person with a Series 1 TiVo and a giant hard drive is someone to whom they didn't sell a Series 3 TiVo. They naively think that by locking down the drive so that it is locked to their hardware and can't be cloned, people will magically decide "I can't upgrade this one, so I should buy a new one that's bigger." Of course, they're right. Some people will. However, most smart people will see it for what it is, will raise their middle fingers in TiVo's general direction, and will buy a product from one of their many competitors.

Farewell, TiVo. We hardly knew ye.

--
Check out my sci-fi/humor trilogy at PatriotsBooks.
Re:So.... by jddj · 2007-05-12 15:29 · Score: 5, Insightful

I don't think so.

In the US at least, there's no requirement that a patented idea or invention or system actually do anything useful or work or even do what it claims.

There are numerous patents for mind-reading devices, nutjob free energy systems and perpetual motion machines, and searching the USPTO database for the "hyper-light-speed antenna" will produce some interesting reading.

Might as well patent completely unbreakable DRM.
Re:Warranties by Nazlfrag · 2007-05-12 17:44 · Score: 2, Insightful

I think you meant, "I lost all my important data on my hard drive from failing to make backups."
Does it matter? by Opportunist · 2007-05-12 17:46 · Score: 2, Insightful

Let's be honest and blunt here. When (note, when, not if) the password is cracked, what does it mean? That you can strip the ads and distribute what's on the HD. Do you care about patents when you got that in mind? No.

So, why is it in any way meaningful whether that invalidates a patent which doesn't mean jack in the first place?

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.