Kim Dotcom Wants Money From Google, Twitter For 2-Factor Authentication

Nyder writes "Kim Dotcom posted via Twitter, with a link to Torrentfreak, that he owns a security patent US6078908, titled 'Method for authorizing in data transmission systems.'" Techdirt points out that Dotcom isn't just asking for financial help: Instead, he's asking companies which use two-factor authentication "to help fund his defense, in exchange for not getting sued for the patent. He points out that his actual funds are still frozen by the DOJ and (more importantly) that his case actually matters a great deal to Google, Facebook and Twitter, because the eventual ruling will likely set a precedent that may impact them -- especially around the DMCA." Update: 05/23 14:23 GMT by T : Why is this relevant to Twitter? If you're not an active Twitter user, you might not realize that (after some well publicized twitter-account hijackings), the company is trying to regain some ground on security. Nerval's Lobster writes "Twitter is now offering two-factor authentication, a feature that could help prevent embarrassing security breaches. Twitter users interested in activating two-factor authentication will need to head over to their account settings page and click the checkbox beside 'Require a verification code when I sign in.'"

So will RSA now put a boot up his ass?

So will RSA now put a boot up his ass?

Here's what you say

FUCK OFF Kim Dotcom.

You fucking wanker.

Re:Here's what you say

[lxs]

Someone should lock Julian Assange, John Mcaffee and Kim Dotcom in one room for a month and film it. I'd probably pay to watch that.

Re:Here's what you say

[serviscope_minor]

Please add Steve Ballmer and a good supply of chairs.

Re:Here's what you say

[DogDude]

Kim Dotcom would just eat the other two.

Re:Here's what you say

[cavok]

You are missing RMS there..

Re:Here's what you say

[Nadaka]

That depends on if Mcaffee has a supply of bath salts.

Re:Here's what you say

[MightyMartian]

Indeed. Would somebody please put this worthless piece of crap in jail.

Re:Here's what you say

The DOJ is actively trying to do exactly that.

Re:Here's what you say

[PRMan]

First, Ballmer throws a chair at Assange but he catches it and stands on it to make sure that he's bigger than everyone in the room. Dotcom then eats Mcafee but immediately has a heart attack because of eating too much salt. Ballmer charges at Assange but his plan of attack is all screwed up and he hits the wall instead. Assange writes about the deaths of all the others on a Wikileaks exclusive.

Re:Here's what you say

Are you Slashdot's most renowned trolls? If so then why should we listen?

Re:Here's what you say

Assange writes about the deaths of all the others on a Wikileaks exclusive.

After having sex with their corpses...

Re:Here's what you say

Well, duh

Re:Here's what you say

[AlphaWolf_HK]

Bass to mouth?

Extortion maybe?

[zitsky]

What is the definition of extortion, Alex?

Re:Extortion maybe?

[GodInHell]

Offering to waive a right in return for settlement without bringing suit is not extortion.

Re:Extortion maybe?

[Yvanhoe]

It is, but in US it is legal.

Re:Extortion maybe?

[K.+S.+Kyosuke]

Offering to waive a right in return for settlement without bringing suit is not extortion.

Wow, that means that the Prenda and MAFIAA guys are actually good guys!

Re:Extortion maybe?

Threatening others with patents are bad... Well until it's done by someone we like. Then clearly it's okay. Slashtard hypocrisy never fails to amuse.

Re:Extortion maybe?

[bsane]

Don't hate the player, hate the game ;-)

Re:Extortion maybe?

[Khyber]

"What is the definition of extortion, Alex?"

Funny that you ask me, since I have an extortion charge on my criminal record.

This isn't extortion. There's no criminal threat to cause bodily harm or injury to reputation going along with the demand for money. 'Pay or I sue' is not extortion. 'Pay or I'll hurt you somehow' is.

This is essentially how our patent system is supposed to work.

Re:Extortion maybe?

Thanks for proving my point.

Re:Extortion maybe?

[Desler]

And yet when other companies do this they are string up and all the comments are about how trivial and obvious it is. But now that it's a Slashdot hero the comments are strangely silent on that.

Re:Extortion maybe?

[gstoddart]

So, "give me money to help defend against this lawsuit or I will file one against you" isn't extortion?

I'm not sure I agree with that interpretation.

Re:Extortion maybe?

[Desler]

Nice mental gymnastics there. If this were Mosaid doing the exact same thing the comments would be filled with nothing but attacks and how the patent is invalid and obvious, etc. Interesting to see that apparently Kim Dotcom has the only valid software patent in existence.

Re:Extortion maybe?

[gstoddart]

Except this is "help pay for my legal defense against this, and I won't sue you for that".

The suggestion of a lawsuit over an unrelated matter would definitely seem to be a threat, and would therefore be extortion, no?

Re:Extortion maybe?

The game is not something separate and apart from those playing it. It ~is~ the players.

Re:Extortion maybe?

[Khyber]

No, there needs to be direct threat of personal injury or harm to a protected status in order to trigger extortion.

Nothing Dotcom has said applies.

Re:Extortion maybe?

And yet when anyone else uses patents in the same manner it is always referred to as extortion despite no threat of personal injury, etc. Stop being a fucking hypocrite just because it's Kim Dotcom.

Re:Extortion maybe?

There's the legal definition of extortion and then there's the English language definition of extortion. What Kim Dotcom did is not legal extortion, but it certainly falls under the English language definition.

Re:Extortion maybe?

[Desler]

Impossible! Kim Dotcom is a freedom-fighting hero! How dare you speak ill of him! You fucking MAFIAA shill!

Re: Extortion maybe?

[iamhassi]

We don't like Kim dotcom

Re: Extortion maybe?

How is Kim dotcom a slashdot hero? He's an arrogant asshole who only cares about himself and thinks he's better than everyone

Re: Extortion maybe?

[Desler]

Because numerous posters treat him as such. He also gets plenty of gushing stories posted about him by the editors. Are you being intentional dense?

Re: Extortion maybe?

[iamhassi]

Doesn't matter, he has no money to fight his own legal battles, much less go after google. And wasn't he arrested for having a website that encouraged stealing movies? Ironic he's now upset people are "stealing his patent" (quotes because he hasn't proven anything in court yet)

Re:Extortion maybe?

[Runaway1956]

The second AC to post sums it up. Without the players, there is no game. The players ARE the game.

Re: Extortion maybe?

[Desler]

So explain the hivemind circle jerks that go on whenever one of the many gushing submissions about him are posted.

Re: Extortion maybe?

[MightyMartian]

If he has no money to fight his legal battles, he has no money to sue Google or anyone else. So I think the appropriate response should "Fuck off."

Re: Extortion maybe?

[NFN_NLN]

If he has no money to fight his legal battles, he has no money to sue Google or anyone else. So I think the appropriate response should "Fuck off."

That's how you know the system is working properly: winning isn't based on the validity of the patent... it's based on how much money you have.

Sarcasm off.

Re:Extortion maybe?

I've known Kim since the Amiga days here in Germany, I've met him many times. He is possibly the most dishonest person I've ever met. I'm saddened he's become a poster boy for the Torrent/Anti-Big Media crowd. His profiteering from piracy distracts from real issues. Very sad.

Re:Extortion maybe?

If Khyber said: "The law clearly says, that threatening others with lawsuit IS extortion", then in your mind he wouldn't be a hypocrite, yes? Only then, he'd be lying. Let me quote an actual lawyer, Hanna Hasl-Kelchner:

"Getting sued is no fun. But to determine whether it rises to the level of extortion requires a closer look at what extortion really is.

Legally, extortion happens when someone unlawfully gets something (money, goods, or services) through coercion. So we have two key drivers of this definition: unlawfulness and coercion.

While we may not like lawsuits, it’s not necessarily unlawful to file a suit. The only way a suit is “unlawful” is if it’s “frivolous.” Now what’s frivolous to you may not necessarily be frivolous to the court, and certainly not to the plaintiff who has filed suit.

The law imposes a high standard before a claim or a case is deemed frivolous and thrown out. A case is frivolous if you assume everything they claim is true and there is still no chance the plaintiff can win. Few cases meet that test because there is usually a question of fact and some theory of law on which they can hang their hat." (Quote stolen from the Allbusiness.com blog post)

So Google, Twitter and Facebook would have to prove the lawsuit is frivolous and only then the prosecution could charge Dotcom with extortion. I hope that settles it (excuse the pun).

And yes, the dictionary definition of extortion might be a bit different, but since we're talking about legal matters, the dictionary has no overriding powers here.

Finally, it is ironic, that a man who enabled and encouraged organised theft of intellectual property, is now raging that his own intellectual property has been stolen. Now THAT is hypocrisy to the power of 10! If I were responsible for Google's legal matters, I'd say "let him file the suit" just for the heck of it. Kim has no money to finance one suit he's already facing, let alone file another one. I'd just be interested to know what his contingency plan was, in case the threats didn't work :)

Re:Extortion maybe?

Offering to waive the right to swing a ball-bat in return for compensation is extortion either.

However when you materially threaten to hit something or someone with that ball bat unless you get paid it absolutely is extortion. The only difference is that patent extortion is legal and encouraged.

Re:Extortion maybe?

[gstoddart]

Well, hopefully there's an equivalent point in law for what they're doing -- because it has a lot of the same hallmarks as extortion.

Re: Extortion maybe?

[cheekyjohnson]

I've seen people stick up for his rights, but I haven't really seen where a majority of people here think he's an actual hero.

Re: Extortion maybe?

[tattood]

If he has no money to fight his legal battles, he has no money to sue Google or anyone else.

I'm sure one of the many patent troll companies would be happy to foot the bill for the legal costs in return for a large chunk of the settlement if they win.

Re:Extortion maybe?

[Khyber]

If Kim files suit and the suit is found frivolous, there's a chance of extortion charges being laid against him, but more likely he'll be hit with vexatious litigant status and from there, pretty much no lawyer will take up any of his cases, except public defenders when he lands in a court room on criminal charges.

Re:Extortion maybe?

Lets not get carried away here.

Re:Extortion maybe?

BIG DIFFERENCE.

kim's patent has merit and is a solid foundation for lawsuits -- prenda and mafaii cases have neither.

Re:Extortion maybe?

[DahGhostfacedFiddlah]

I'd never heard of Kim Dotcom before the raid, and my opinion of him has been shaped solely by /. comments (who has time to RTFA?). So I'm in a pretty good position to comment on the "Slashtard hypocrisy".

The general consensus seems to boil down to "He's a dick who's on the right side of one specific issue". So you'll see comments supporting him in the one specific issue, but you'll see other comments decrying his general dickishness - including his current patent trolling.

However, I'm not really sure having a nuanced view of a person really qualifies as "hypocrisy".

Re:Extortion maybe?

"The trouble with fighting for human freedom is that one spends most of one's time defending scoundrels. For it is against scoundrels that oppressive laws are first aimed, and oppression must be stopped at the beginning if it is to be stopped at all."

- H. L. Mencken

Re: Extortion maybe?

[squiggleslash]

Because he's made a fortune helping people get movies and music without paying. Well, without paying the producers of those movies and that music.

And this is Slashdot, so helping a bunch of leechers makes him a hero because MAFIAA.

Re:Extortion maybe?

The actual tweet: "Google, Facebook, Twitter, I ask you for help. We are all in the same DMCA boat. Use my patent for free. But please help funding my defense."

Does this look much like prenda and mafiaa?

Re: Extortion maybe?

[PoolOfThought]

Numerous voters treat the current president as a hero who only poops sunshine and rainbows and is constantly fighting the good fight. And numerous voters treat the previous one as such also. It doesn't make either one of those an "American hero" - not even close.

Re: Extortion maybe?

[AbsGeekNZ]

exactly what I was thinking!

Re: Extortion maybe?

[Yvanhoe]

You say it like it is not an intended feature...

Good luck enforcing that patent

I don't see Kim hopping on a US-bound plane to sue the infringing companies any time soon. They must be shaking in their boots.

Re:Good luck enforcing that patent

[PRMan]

I'm pretty sure they said it was valid in a dozen countries and that Google, Facebook, Twitter, etc. are international companies...

doesn't he also have

[nopainogain]

a couple million dollars in the central bank of Nigeria that he needs our help to recover?

How about this?

[MikeRT]

Sign a patent deal with them that if they will fully fund his defense, he'll agree to not sue anyone and when the case is over he'll turn the patent over to the public domain.

Re:How about this?

How about we not give a free pass to a patent troll just because he used to host a popular, thinly veiled warez site?

Re:How about this?

[Xarvh]

Because he's fighting TEH SYSTEM!
Kinda.

Empty threat

[SirGarlon]

I seriously doubt Kim Dotcom is in a position to actually litigate his patent claim. Financially, that is.

Re:Empty threat

What does that say for 'anyone' with a legitimate patent claim but no funds to defend it?

Re:Empty threat

[doconnor]

He could sell the patent to someone who can.

Re:Empty threat

[Desler]

Where has it been determined that he has a valid patent claim?

Re:Empty threat

I seriously doubt Kim Dotcom is in a position to actually litigate his patent claim. Financially, that is.

It doesn't matter. He can just sell the patent to Yahoo or Apple or Patent Trolls R Us, or whoever and then they can litigate it.
   

Re:Empty threat

[PoolOfThought]

Well, presumably, when he filed for that patent he knew what he was patenting. He and his lawyers came up with the a set of "claims" that are the actual meat of the IP. And if some actor later comes and inserts a product into the market that could not have been created without stepping on one or more of the claims in the patent then he knows one of two things:

(1) he has a valid complaint that the person is stepping on his IP
or
(2) whoever wrote the claims in his patent did so in such that there was a work around that these other actors are utilizing

[Random note: The possibility of (2) is why you should hire an actual patent attorney to write your patent rather than trying to do it yourself. I have experience with this and the value of a decent attorney, if you can afford them, is not to be minimized.]

In any case, that's what a patent lawsuit is about. I say "you can't do that without violating my patent". Now you must prove that you found a way to do it without violating my patent or you must prove that the patent should never have been granted. If you can't do either one of those then you pay for using my IP.

Kim-Dot-Con

[Shoten]

It bears mentioning that Kim Dotcom was once named Kimble Schwartz, who basically went from one moneymaking scheme to another. Kimvestor, for example, got him jailed for securities violations. YIHAT was a front of an organization that tried to rally people around hacking terrorists. The list goes on and on. About 15 years ago he was noted as being a fraud in the security space, despite claiming to be a hacker. I think he got lucky with Megaupload, but now he's back to his old usual failing-yet-highly-vocal self.

Re:Kim-Dot-Con

[MetalliQaZ]

Don't forget the "music career" with that tasteless music video!

Re:Kim-Dot-Con

[Shoten]

Don't forget the "music career" with that tasteless music video!

Oh yeah! Forgot about that one...it's easy to lose track of all the ways this self-indulgent butthead has tried to reinvent himself.

Re:Kim-Dot-Con

I hear the guys that started the company that today has the highest market capitalization in the world did it using funds they earned creating illegal phone phreaking equipment.

Derp-a-herp-herp many respectable people in our industry started this way, so why splerg on Kim Dotcom? Is it cause he's fat and does all the kind of childish things you wish you could do had you had millions of dollars?

Haters gonna be lame haters.

Re:Kim-Dot-Con

I'm surprised this was actually modded up here... The hivemind has something of a hard-on for Kim Dotcom, anyone who was even mildly critical of him during the Megaupload situation was immediately dismissed as a troll.

It's rather smugly satisfying to see him turn the tables completely and reveal himself as a patent troll now that he needs some extra cash. It's even more satisfying to know that he's ALWAYS been a money grubbing scumbag, because from what you've posted here, those same people running to his defense should have known better.

Re:Kim-Dot-Con

[SirGarlon]

I always thought he was a scumbag. I don't understand why Slashdot and others treat him like some kind of folk hero.

Re:Kim-Dot-Con

[Desler]

Enemy of my enemy, apparently.

Re:Kim-Dot-Con

I always thought he was a scumbag. I don't understand why Slashdot and others treat him like some kind of folk hero.

Most folk heroes are scumbags. The reason they have risen to the level of folk heroes is not so much because of their greatness but rather that people have forgotten or overlooked their scumbag qualities. It is a little surprising that this can still happen in modern times. But, just look at how the Republicans have been trying to make Ronald Reagan into a folk hero... And a century from now, Hilary Clinton might be some kind of folk hero as well.

               

Re:Kim-Dot-Con

No, they did it by using the money they earned at their day jobs, selling some possessions, and getting venture capital from Mike Markkula.

Re:Kim-Dot-Con

[Fallout2man]

Eh, the situation isn't exactly as clear-cut as it appears though. Is he acting like a patent troll? Yes. But could he pay for his own legal defense? No.

He's as much a patent troll as someone who steals a loaf of bread to feed their starving child in the Calcutta slums is a thief. There's a degree off nuance to the whole thing. Although his past actions do make it clear he's doing this to get rich and doesn't care about the politics...if we all benefit from this fight (by having less draconian copyright laws) then why not root for him, for now at least?

Re:Kim-Dot-Con

[Ian+A.+Shill]

I would say there's a shitload more than a degree of nuance if you want to compare Kim Dotcom with starving families in Calcutta. Perhaps you mean to speak of the starving family as "groups whose collective food intake is less than Kim Dotcom" or "things than Kim Dotcom could eat in one sitting".

I'm only watching this freak show for the entertainment value, myself.

Eh, the situation isn't exactly as clear-cut as it appears though. Is he acting like a patent troll? Yes. But could he pay for his own legal defense? No.

He's as much a patent troll as someone who steals a loaf of bread to feed their starving child in the Calcutta slums is a thief. There's a degree off nuance to the whole thing. Although his past actions do make it clear he's doing this to get rich and doesn't care about the politics...if we all benefit from this fight (by having less draconian copyright laws) then why not root for him, for now at least?

Re:Kim-Dot-Con

[Fallout2man]

I would say there's a shitload more than a degree of nuance if you want to compare Kim Dotcom with starving families in Calcutta. Perhaps you mean to speak of the starving family as "groups whose collective food intake is less than Kim Dotcom" or "things than Kim Dotcom could eat in one sitting".

I'm only watching this freak show for the entertainment value, myself.

You "would" but you didn't. So what exactly ARE you saying? I even explained how this benefits us and all you've got is a cheap shot at his weight? Come on; I expected better. ;p

Re:Kim-Dot-Con

[Ian+A.+Shill]

I would say there's a shitload more than a degree of nuance if you want to compare Kim Dotcom with starving families in Calcutta. Perhaps you mean to speak of the starving family as "groups whose collective food intake is less than Kim Dotcom" or "things than Kim Dotcom could eat in one sitting".

I'm only watching this freak show for the entertainment value, myself.

You "would" but you didn't. So what exactly ARE you saying? I even explained how this benefits us and all you've got is a cheap shot at his weight? Come on; I expected better. ;p

Kim Dotcom is not comparable to a starving family Calcutta. The crack about his weight was not very mature, I'll give you that, but Kim Dotcom is hardly starving. Last I was aware, he was still living in a large mansion, and where I come from, if you don't have money, you don't live in a home like that. What I am saying, is what I did say, I'm only watching this for the entertainment value. My reasons are that I can't bring myself to care what Kim Dotcom does, because I am prejudiced with regards to him, I feel he's an attention whore. But that's just me. My attention wrt this situation is the (apparent) overwhelming use of force in raiding this man's home. I don't see a whole lot of difference between mega download or whatever he was running, and other file locker services, but I have never used any of them, so my knowledge is admittedly limited.

I think the use of U.S. law enforcement resources to enforce copyright(s) is beyond what I would consider appropriate.

Are you happy now? You made me say *something*.

Come on; I expected better. ;p

You are right, and I will try to better next time, Dad.

Re:Kim-Dot-Con

[Fallout2man]

Kim Dotcom is not comparable to a starving family Calcutta. The crack about his weight was not very mature, I'll give you that, but Kim Dotcom is hardly starving. Last I was aware, he was still living in a large mansion, and where I come from, if you don't have money, you don't live in a home like that. What I am saying, is what I did say, I'm only watching this for the entertainment value. My reasons are that I can't bring myself to care what Kim Dotcom does, because I am prejudiced with regards to him, I feel he's an attention whore. But that's just me. My attention wrt this situation is the (apparent) overwhelming use of force in raiding this man's home. I don't see a whole lot of difference between mega download or whatever he was running, and other file locker services, but I have never used any of them, so my knowledge is admittedly limited.

I think the use of U.S. law enforcement resources to enforce copyright(s) is beyond what I would consider appropriate.

  Are you happy now? You made me say *something*.

Quite! ^_^ And the difference is he had all of his financial assets frozen at the time of the raid by the U.S. government. Yes he HAD money, but that money was confiscated from him and cannot be used to fund his defence. That's why this is so important. Kim Dotcom, the magnificent bastard that he is, is our best hope for bringing a court case up that could establish sane copyright law.

It's not pretty, I wish he didn't have to do any of this. Yet, I see the necessity of it. How else is someone who just lost their entire set of assets and spare cash going to defend himself against the **AAs in court? The man needs funds to be able to get a crack team of lawyers. Yes, he absolutely is in it for himself, but in this case if he wins, we win. Because he might be able to finally set judicial precedent about what can and cannot be done in the name of "protecting copyrights." That, my friend, is a big f**king deal and why I'd say it's okay to root for him.

Make no mistake, he's a tool, but right now he is a more than useful one for us. We shouldn't be hoping he fails because that will only make things worse for everyone else.

You are right, and I will try to better next time, Dad.

[Tidus Dad]Son, let me tell you a story: Once upon a time an there was a fat, evil man, who scammed money from people. The fat, evil man had little success doing this; Deciding it only made sense to change careers the fat man decided to instead try and scam money from corporations. Suddenly, the fat man wasn't quite just plain evil anymore. Because now, whenever the fat man did good at his job a basket of stray kittens was spared the guillotine. Upon realizing this (hopefully) the fat man decided he'd rather be a jolly fat man and save kittens as well as his own hide. And so; the fat man assembled a crack team of lawyers and the evil corporations were defeated in court: The End.[/Tidus Dad] ;p

Go ahead, sue Google

[MetalliQaZ]

See what happens.

Re:Go ahead, sue Google

[Laxori666]

Um. Kim's actual twitter message was "Google, Facebook, Twitter, I ask you for help. We are all in the same DMCA boat. Use my patent for free. But please help funding my defense." That's not really threatening to sue, that's asking for help. Yellow journalism much?

Re:Go ahead, sue Google

[Desler]

I never sued them. I believe in sharing knowledge & ideas for the good of society. But I might sue them now cause of what the U.S. did to me

From here. In your hasty attempt to defend Kim Dotcom you might have wanted to actually do a but more research.

Re:Go ahead, sue Google

No, what we need now is for NewEgg to make a two-factor auth system on their website. Then wait until they get sued, and...

Re:Go ahead, sue Google

[PRMan]

I still think it's more of a "I might have to sue because I have no money to operate." He really doesn't want to do it, but I can see how people can read it as a thinly-veiled threat, especially given his background.

Re:Go ahead, sue Google

"That's a nice business you go there. It would be a shame if anything should happen to it. You know, if you paid us, we would gladly keep an eye on it and make sure nothing happened to it. Of course, you don't HAVE to, but, you know, things happen. *crash* Oops."

Re:Go ahead, sue Google

[Ian+A.+Shill]

He should start with Newegg.

See what happens.

Re:Go ahead, sue Google

[Laxori666]

Oh true. I blame the article for not posting a more relevant link & twitter for being hard to use.

interesting quote FTFA

[sl4shd0rk]

"I believe in sharing knowledge & ideas for the good of society. But I might sue them now cause of what the U.S. did to me,"

Sounds like the typical ire most people have towards the US legal system right now. Including the US itself.

Re:interesting quote FTFA

[squiggleslash]

Yeah, it's the old "Something related to X did this to me, therefore I'm going to attack people also related to X but in another way that doesn't mean they had any control over the first thing" thing.

See also numerous wars we've been involved in over the last few decades.

If you read the patent

[Saethan]

If you read the patent, I'm pretty sure 2-factor auth methods that are actually used today don't apply.

According to a first step, the user sends a qualifying identification of the data input apparatus together with a request for the generation or for the selection of a transaction authorization number TAN or of comparable password from a data file from the data input apparatus to an authorization computer. In a second step the authorization computer generates the transaction authorization number TAN or the comparable password or selects them form a data file. According to a third step, the authorization computer sends the transaction authorization number TAN or the comparable password over a second transmission path different from the first transmission path to a monitor, for example a pager. According to a fourth step, the user reads this transaction authorization number TAN or the comparable password from the receiver and enters the transaction authorization number TAN or the comparable password into the data input apparatus. According to a fifth step, this transaction authorization number TAN or the comparable password is transmitted to the authorization computer. According to a sixth step, the authorization computer verifies the validity of the transaction authorization number TAN or of the comparable password in order to establish or switch free, according to a seventh step, a connection between the data input apparatus and the receiver unit.

Some of those steps just don't apply to modern 2-factor authentication. In all two factor auth I'm aware of, you send your request, password, -and- generated key all at the same time. I'm mainly thinking of how my 2-factor auth works to sign in to work remotely - I have a fob that generates my key for me, I don't have to request it. I'm sure a properly motivated tech expert could skew things to make it look like this type of authorization is covered by this patent, though.

Re:If you read the patent

[Bill,+Shooter+of+Bul]

They do apply to sending a code via text message that needs to be input to complete authentication... Which is exactly how twitter is doing it. I wouldn't be surprised if there is prior art.

Reasonable patent. Anybody know prior art?

By 1998 there had been a fair amount of work in authentication. Anybody able to cite some prior work which proposes the user sending a device ID (a serial number or MAC address would do) and having that used to pick a transaction PIN which gets sent via a separate channel? Back then there was email already,
and voice phone, and snailmail, and some IM schemes. Can anyone cite, say, a scheme that generated an ID for someone on web but which sent a
separate email to validate it?
    I consider the scheme to be rather obvious provided that there exist multiple channels for those who are to use it. (That's still a problem where the
same device gets used for both web and email for example.) There are more fast channels now, so something can be texted and separately emailed or
otherwise sent.
    But we need some prior art here (in use or discussed) to demonstrate this.

Say what you will....

[kermidge]

Whatever you may think or say about Kim, he's got some interesting moves. (I don't yet have much of a viewpoint on him beyond what I just said, being too busy learning to make good popcorn and trying to follow what's what.)

Is this a really a plea for help, or extortion, or patent-trolling (the latter two might be synonymous)?

On the related matter, I've not read the whole law and am curious: Are violations of DMCA to be pursued under civil or criminal law? Or either one or both depending on circumstance?

Re:If you read the patent. Isn't the user ID sent?

In my use I note there is a user identification (which fits what is used) or a device authentication (e.g. a creditcard number) gets sent. The key thing is the notion that some checking number is sent back by another path. There were fewer such commonly available in 1998 but this magic number gets played back. It looks to me like several schemes I've noted in use today are this kind of thing. However I suspect someone must know of old examples. A public discussion would do as prior art, but we need a reference. The scheme is not suppoed to need a fob, which is indeed different.

Prior Art - ATM?

[Kwyj1b0]

It baffles me that two-factor authentication patents can be valid. Haven't ATM machines always done that (One factor - the ATM card, the second factor is the PIN)? What about USB key+password decryption? I know the patent system is broken, but this should get thrown out when challenged. More interesting, what advice is Dotcom's lawyer giving him? Or does New Zealand legal system not provide lawyers to someone arrested there who can't afford one?

Re:Prior Art - ATM?

[Jahta]

It baffles me that two-factor authentication patents can be valid.

Me too. According to Google's patent search, he filed the patent in 1998. In 1996 I worked on an online banking application that used two-factor authentication. Each customer was issued with a hand-held device (about the size of a small calculator) which generated a transaction authorisation number (TAN) in response to a challenge from the online system. The devices were commercially available at least two years before the patent filing.

Re:Prior Art - ATM?

Remember that Apples rectangle with round corners patent did in fact hold up in court, Prior art can be squished with enough $ backing your patent.

Re:Prior Art - ATM?

[pellik]

1992- Swipe card. My voice is my passport, verify me. Is that prior art here?

Re:Prior Art - ATM?

[Kaenneth]

Which costs more; paying lawyers to defend Dotcom; or paying lawyers to defend a Patent case?

Which one has the worst-case outcome, for the shareholders?

Re:Prior Art - ATM?

RSA's two factor auth has been around since before Kim Dotasshat

Re:Prior Art - ATM?

Problem with ATM is that the PIN is not per transaction, nor is it sent to the ATM. The user enters it and it is compared with one calculated at the issuer.

Re:Prior Art - ATM?

[david_thornley]

A patent on two-factor authentication itself would be invalid. A patent on a particular way of doing it can be legally valid. Presumably, Dotcom's patent describes a specific technique.

Schmitz not Schwartz

Actually is name was Schmitz not Schwartz but the rest is true: http://en.wikipedia.org/wiki/Kim_Dotcom

RSA's SecureID

[nocloo]

I'm pretty sure SecureID uses 2-factor authentication before Kim's patent. Where you enter the password, a token is generated and you have to enter the key before access is granted.
I guess the different maybe the token is automatically generated every min instead of being transmitted to to a secondary device. If his patent is validated in court, it's worth a lot more than the 50mil he asked.
 

Re:RSA's SecureID

I'm pretty sure SecureID uses 2-factor authentication before Kim's patent. Where you enter the password, a token is generated and you have to enter the key before access is granted.
I guess the different maybe the token is automatically generated every min instead of being transmitted to to a secondary device. If his patent is validated in court, it's worth a lot more than the 50mil he asked.

Unfortunately, the corporations won, and their lobbyists purchased a change to US patent law that killed off the concept of prior art. Now, it's whoever filed the patent first.

Does he also have the patent for this?

5-factor weight gain- so that after eating one meal four more meals are ordered to make sure that the first meal was actually eaten.

Re:If you read the patent. Isn't the user ID sent?

[Java+Pimp]

Interesting point. There were fewer devices in '98 available to be used to receive a back channel message. Could this be a case of technology evolving so fast it obviates a patent before it has expired? What might have been considered non-obvious then would certainly be obvious now.

Re: This is in our favor

[kurkosdr]

Guys, guys guys! This can only end up in OUR FAVOR. Let's see... Kim's company (mega.co.nz) is not a "non-practicing entity", so the only way Google and Twitter could avoid paying him whatever he asks, is to set some rules on what can be patented when it comes to software patents. Not as good as abolishing soft patents at all, but a win nevertheless.

In need of money for defense = No money for offens

[businessnerd]

So if he is admitting that he needs financial help with the defense of his current court battle, it would be a pretty reasonable assumption that he does not have the funds to initiate a second court battle. Sounds like a pretty empty threat, if you ask me.

A troll by any other name still smells foul

[sirwired]

"Fund my defense in return for me not suing you about my worthless patent" doesn't make you any less of a troll than "Pay me money in return for me not suing you about my worthless patent."

Excutive Order

[ThatsNotPudding]

Look soon for a Presidential Executive Order finding that if you are an Enemy Combatant against the Entertainment State, any patent you possess is null and void - along with any sense of openness, honesty, or due process.

After reading the patent, Google is in the clear..

[sl3xd]

After having actually read the patent, it looks like Google Authenticator, for example is in the clear.

The patent states that the following must occur:

1.) User inputs a password
2.) Authenticating device receives the password from #1, generates a password, and sends this new password out-of-band to an external device. (Pager, phone, etc)
3.) Person then reads the password from the device
4.) Person inputs the new password into their computer
5.) Computer sends second password over to authenticating device.
6.) Authenticating device finally grants access.

Google authenticator works differently.
1.) User input password
2.) User inputs password read from device
3.) BOTH are sent over the network to the authenticating computer, at the same time.
4.) Authenticating computer grants access.

Note that Google Authenticator does not generate the 'multi-factor' password after receiving the first password from the user.

The multi-factor password is streamed passed to the (pager, phone, etc.) every X seconds.

It's an entirely different mechanism.

Which means that my already low opinion of this guy is now lower, as he's descended into obvious patent troll territory.

Re:After reading the patent, Google is in the clea

[heypete]

Note that Google Authenticator does not generate the 'multi-factor' password after receiving the first password from the user.

The multi-factor password is streamed passed to the (pager, phone, etc.) every X seconds.

No it's not. Google Authenticator implements TOTP which depends only on having a reasonably accurate clock and a previously-agreed-upon shared secret from which the codes are generated.

When one uses Google Authenticator, one gets a shared secret from Google (which can be easily input in the form of a QR code, though one can manually input it as well) and adds it to the GA app. When one wishes to authenticate to a service (e.g. a Google Account or any other service that implements TOTP), the app uses the current time and the shared secret to compute the code for that 30 second time period. The service that the user is authenticating to also had the shared secret and computes the code for the same time period. They should match. If they don't, the service will usually calculate the codes in a time window surrounding the current time (e.g. +/- 2 minutes) in case the client's clock has drifted.

TOTP (and Google Authenticator) do not rely on network access at all -- you can use Google Authenticator as a TOTP code generator for other sites without having anything going through Google at all. For example, I have a TOTP hardware token that had the shared secret programmed by the factory (they don't keep any record of the secret, unlike RSA -- they print it on a piece of paper that comes with the token and that's it). I configured my various TOTP-enabled services (e.g. a secure website) with the shared secret and require the TOTP code during authentication. There's no dependence on outside services or network connections at all. Very handy.

Frozen..

[Roogna]

Not on either side of the issue, but if all his funds are frozen, wouldn't that also include any valuable assets he might own. Such as a patent...

Re:Frozen..

Are you retarded?

Freezing funds means freezing bank accounts and other financial holdings

Better than all the shit on TV now

[TiggertheMad]

...You sir, are the most brilliant programming exec I have ever met.

Of course, that really is kind of a backhanded insult, but still....

Re:After reading the patent, Google is in the clea

[sl3xd]

I stand corrected.

TOTP is still very much outside the realm of Kim's patent.