Feeds

Did Kim Dotcom invent 2-factor authentication? Er, not exactly...

Pull out your pagers and your Hammer pants, we're going back to the '90s

High performance access to file storage

Twitter is the latest major web service to beef up its security two-factor authentication (2FA). The security feature is a pretty simple and effective approach - and one the notorious Mega kingpin Kim Dotcom claims today to have invented back in the '90s.

Two-factor auth is a simple process for verifying that the user accessing a service is legitimate. A random code is sent from the web service (via SMS) to the person's phone, and the user then types the code into an authentication dialog on a web page.

But did Dotcom really invent 2FA for remote authentication? In short, it appears he did not.

In 1996, the then-Kim Schmitz filed for a patent entitled "Method for authorizing in data transmission systems". The patent has a priority date of 29 April 1997, and it does indeed describe a two-factor authentication system. The user logs into a service, triggers a secondary authentication request, and this is fulfilled by SMS.

But Ericsson filed a patent titled "User authentication method and apparatus" with a priority date of 24 June 1994 that also covered 2FA using a pager or phone. A later patent filed by Nokia ["Method for obtaining at least one item of user authentication data"] with a priority date of 23 February 1996 resembles even more closely the 2FA approach used on the web today.

Kim Dotcom's patent through the European Patent Office was cancelled in 2011 after opposition from Ericsson.

Kim Dotcom's US patent remains in force. Whether the US Patent Office or the United States District Court of Texas would confirm the validity of the patent is an interesting question.

On his Twitter page, Kim Schmitz/Dotcom describes himself an "innovator". To earn the title, you've got to introduce something new. Kim Schmitz/Dotcom - in this case at least - doesn't appear to have done so.®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.