Apple is sued over their 2-Step Apple ID Verification System

Patently Apple ^ | August 22, 2015 | Patently Apple Staff

[Swordmaker]

A Nevada based company is suing Apple for patent infringement. The company alleges that Apple's 2-step Apple ID verification system/process violates their patent.

Verify Smart Corp. alleges that Apple makes, uses, tests, markets and sells or otherwise provides a system and method for enabling a user to authenticate their identity when initiating an electronic transaction, using a one-time pass-code sent to the user's mobile phone (hereinafter "Apple two-step verification").

They further claim that Apple's two-step verification system is designed to enable secure transactions for their customers. Verify alleges, that Apple's two-step verification infringes claims 2 and 5 of their acquired granted patent 8,285,64 which is noted in the graphic below.

[Swordmaker]

Apple is again being sued by what appears to be a patent troll, this time for an obvious patent for 2-step authentication which is now used by most banks and other tech firms for access to secure accounts. Patent was granted October 9, 2012 with an application date of September 14, 2007. My viewpoint is that 2-factor or 2-step authentication is obvious, an extension of what banks and other companies have done for years, e.g. calling to confirm charging on large transactions, but just automated. That makes it an obvious and easy extension of existing art that anyone in the industry would come up with. . . and did. — PING!

Dayglored, Shadow Ace: Ping for your lists as well since Android and Windows also use two-step and two-factor authentication, as do most banks, Google, and a host of other tech companies. It will be just a matter of time before this TROLL files shotgun suits against all of them as well.

Apple 2-factor authentication patent infringement lawsuit Ping!

If you want on or off the Mac Ping List, Freepmail me.

[Bobalu]

Software patents are stooooopid!

It’s no different than patenting a plot line for a novel, i.e. If in your novel the Butler did it! Then you get sued because someone else used that idea before...STUPID!

Software is not at all like hardware.

Most software ideas are simply obvious...it’s like trying to patent common sense.

[Enlightened1]

You can’t put a patent on a security process.

That’s like someone putting a patent on putting up a fence around your house.

Then turning around and taking to court anyone else that puts up fence around their home.

This is absolute nonsense.

My guess though is that this is the feds (NSA, etc..) , via a private company, trying to get Apple to loosen their security process?

[Dr. Sivana]

Amazon’s One-Click orderimg suit (if I recall) was successful. What could be more “patently” obvious than ordering products when logged in with proper credentials by clicking a button next to the product?

[Crazy Jim]

I will not argue whether a specific security process can be patented or not (as that gets decided by the inventor, those expensive lawyers and in the end the Patent Office), but the many hundreds if not thousands patents on locks would suggest otherwise.

Would I sue you for putting up a fence, maybe not the fence but surely the wire! Putting up a fence is not what I'd take you to court for, it would be for using my Intellectual Property (IP) without compensating me. Build your fence but don't use my patented wire.

The 1882 barbed wire patent and a dispute about it still is used today to define first to file and novelty. "This case largely established precedent for future patent law, specifically in questions of first-to-file, or scope of novelty." See: https://en.wikipedia.org/wiki/The_Barbed_Wire_Patent

As to if they are trolls or not I cannot say, but they may have already negotiated with other infringers or are using Apple as the first case.

Double authentication would make no difference to NSA or other security agency as they would have the data stream. Actually it would confirm who was sending the message. And as an analyst I may only care who sent the message.

"Glidden held sole rights to sell the product and thus established the Barb Fence Company, in Dekalb, Illinois. The invention made him extremely wealthy and by the time of his death he was one of the richest men in the United States." op.sit.

We have decided that software innovations are patentable as defined in the laws. "Section 101 of Title 35 U.S.C. sets out the subject matter that can be patented:

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title." From: https://en.wikipedia.org/wiki/Patentable_subject_matter

Since we are a country of laws and we respect property rights it is important for people to defend their ownership and let the court decide who is right or wronged.

So you have to ask yourself "Do I really want to build this fence with someone else's property?"

[dayglored]

A patent on Two-Factor Auth?

LOL!! Yeah, this will never stand.

[Extremely Extreme Extremist]

I don’t like Amazon’s one-click process. In fact, I don’t have any of my credit cards stored on Amazon and other sites I purchase from. I always re-enter my information in.

[dayglored]

Two-Factor Authentication patent trolling ... PING!

You can find all the Windows Ping list threads with FR search: just search on keyword "windowspinglist".

Two-Factor Authentication has been around a long time and is in wide use in secure Windows-based systems as well as many other environments.

Active Directory, Remote Desktop, and a host of other services and applications support it.

Windows 10 has Two-Factor Auth BUILT IN.

Thanks to Swordmaker for the ping. I'm adding ThunderSleeps, since Android devices are part of the Two-Factor ecosystem too.

[Swordmaker]

What is funny is that the second patent listed going up in the listing of references in the patent itself, is this prior art patent application from 2004, which is much more applicable than then 2007 application:

This invention uses separate, parallel communication channels to authorise and authenticate a transaction. A primary data channel (PSTN, radio or the like) is used to communicate between the merchant terminal and the bank, and a parallel data channel (a mobile phone network for instance) is used for the authentication process. In the example, the transaction is initiated (on a primary data channel), using a POS terminal as a transaction processing client. The transaction processing server and financial services provider fulfill their normal functions. At this point, the process loops into a transaction authorisation component using the parallel data channel, that requires authentication of the transaction initiator (the card holder). In the example, communications on the parallel data channel are by way of SMS. In the authorisation process, the card holder receives an SMS requesting authorisation of the transaction. If the card holder is not the transaction initiator, the card holder can cancel the transaction. If the transaction can be authorised, an authentication process is initiated in which the mobile phone is programmed to require the entry of a normally secret code (such as a personal identification number (PIN)) that serves to authenticate the card holder and to give final authorisation of the transaction.

Similarly, the next one up, more prior art, application # 20070034685:

A transaction-enabling instrument, such as a credit card, a debit card, or a check, has encoded thereon in machine-readable form a telephone number of a portable wireless communications device, such as a cell phone or a PDA, of the instrument's owner, who is typically the holder of the instrument, and a transaction-authentication code. When the holder presents the instrument to enable a transaction, a reader reads the phone number and code, and an authentication server causes the phone number to be dialed and the owner to be prompted for the authentication code. If the owner provides the code, the server allows the transaction to proceed. If the owner cannot be reached or does not provide the code, the server denies the transaction.

Then half-way up the list of references, application #20030061163:

A method and apparatus for protecting against the unauthorized use of a credit card called CardSafe.TM. allows the credit card holder to finally approve any credit card transaction. When a credit card is used at a remote merchant's terminal, the credit card company is notified of the transaction amount and the credit card account number. The named card holder is concurrently notified of the transaction by a wireless device, such as a telephone call, pager notification, or the like. Upon notification, the card holder can approve or disapprove of the credit card transaction. Unless approved or denied by the credit card holder, the transaction remains uncompleted. The approval or disapproval by the credit card holder can be accomplished in real time or on a pre-selected basis. An unauthorized person would not be able to complete a transaction The credit card owner can also deactivate the CardSafe.TM. system.

There are lots more. I think that shows that this patent is void based on prior art on its face and obviousness by extension of the prior art.

[TheBattman]

So... I fully expect the governments at various levels, banks, mortgage companies, and other companies to be sued in the near future. After all, requiring multiple forms of ID has been around for a very long time.

[TheBattman]

How can that patent even come close to being valid? A similar concept has been infuse for many many years long before that patent was even filed. Sigh.

[TheBattman]

I would disagree... sort of.

Software patents I don’t have a problem with - when someone comes up with a truly unique software product/method/means that has not previously been used conceived... I don’t have a problem. But when a patent is granted for software function that has been a common process or function for many years prior to the patent being issued - that is a problem.