Free Republic
Browse · Search
General/Chat
Topics · Post Article

To: taxcontrol
What they did patent is something that sudo does not do, namely, when an attempt to access an application fails, it presents a list of people who ARE authorized to execute the action.

You are right, sudo does not do this at all. The idea behind sudo was to find a way to preserve system security and still allow users to perform useful tasks. Listing users who have permission to execute an action gives crackers a road-map to break into the system, which decreases security.

15 posted on 11/13/2009 2:07:31 PM PST by DrDavid (George Orwell was an optimist.)


To: DrDavid
You are right, sudo does not do this at all. The idea behind sudo was to find a way to preserve system security and still allow users to perform useful tasks. Listing users who have permission to execute an action gives crackers a road-map to break into the system, which decreases security.

This invention apparently cuts at least half of the security out... given that it was a two-step process. One had to input both an authorized user and that user's password. By cutting out the step of knowing the authorized user's name, it makes it that much easier to compromise security. For example, if I know that Joe Blow always uses his wife's maiden name along with his anniversary date as a password, finding Joe Blow's name on the list of users authorized to execute the command opens the door to me immediately.

17 posted on 11/13/2009 2:12:48 PM PST by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)

To: DrDavid
Listing users who have permission to execute an action gives crackers a road-map to break into the system, which decreases security.

I was going to bring up that very same concern.

21 posted on 11/13/2009 2:26:15 PM PST by AFreeBird

To: DrDavid; taxcontrol
The idea behind sudo was to find a way to preserve system security and still allow users to perform useful tasks.

I have been commanded by my managers at work to obtain sudo access to hosts, so let me explain with a real-world example.

I manage an application which runs in a data center that I neither have physical access to, nor have any business on most other servers there. The application is managed by an account that has login access disabled for security reasons.

I am required to have access to various system logs that no one other than the assigned system management team should have access to. Sudo is the perfect solution to the dilemma of allowing me (limited) system admin access while also allowing me to manage the application.

$ sudo su APP-NAME

Allows me to obtain access to an otherwise inaccessible login and allows me to run dmesg.

With tiny, non-networked and single-user computers, it doesn't make much sense to restrict access on the host. That is the original Microsoft DOS situation. With networked computers everything changes and it becomes extremely desirable to have very limited access to the system by default. It only took a decade and a half, but it appears that Microsoft has finally learned that lesson that we in the Unix world knew a decade before they started networking.

As I wrote in another post, I don't see much use, if any, for this patent. As with all software patents it's only going to hinder someone who does have a good use for the idea. The idea is not new.

26 posted on 11/13/2009 3:37:50 PM PST by altair (I want him to fail)
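The delegation described in post 26, written as a sudoers fragment. This is an added example, not configuration from the thread or from any poster's system; the login `alice`, the service account `appsvc`, the file name and the binary paths are assumptions.

```sudoers
# /etc/sudoers.d/app-operator   (constructed example)
# Edit with: visudo -f /etc/sudoers.d/app-operator
# Assumed names: operator login "alice", application account "appsvc"
# (the application account has password login disabled).

# Let alice run commands as the application account only, never as root.
# Used as:  sudo -u appsvc -i        (login shell as appsvc)
alice   ALL = (appsvc) ALL

# One root-level command, given by full path. The trailing "" means the
# command may only be run with no arguments, so flags that clear or
# modify the kernel ring buffer are not permitted by this rule.
# Used as:  sudo /usr/bin/dmesg
alice   ALL = (root) /usr/bin/dmesg ""

# Broader form, shown for contrast and left commented out.
# "sudo su appsvc" needs su itself to run as root, so the rule has to
# grant a root command; the arguments listed must match exactly.
# alice ALL = (root) /usr/bin/su appsvc
```

Running `sudo -l` as alice shows only her own entries, which is consistent with the point made earlier in the thread that sudo does not tell a user who else is authorized.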

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson