Pre-Grant Publication Number: 20070250920
Track the progress of public participation in the review of this pending patent application, and view
application details. The menu on the right will help you navigate this patent application. Subscribe to
the community enables you to receive updates on this application via email so that you can easly follow recent activity.
LATEST PRIOR ART
| Date | Title | Reviewer |
|---|---|---|
| 02/08/08 | Lotus/Domino 4.6 | Kahscho __ |
| 02/08/08 | ADT Security Manager 2000 | Kahscho __ |
| 12/06/07 | TrueCrypt drive encryption application | Igor Naumov |
| 12/06/07 | Rubberhose deniable encryption | denis bider |
DISCUSSION
Kahscho __ (8 months ago)
How is claim 1 any different from a system that lets one login is root (primary password) or as a user with a lower level of access (secondary password)? This has been common in Unix/Linux/Mac systems for quite some time.Michael Halcrow (8 months ago)
In the invention description, the applicant makes reference to
U.S. Patent Numbers 6,679,422, 5,354,974, and 5,731,575. The trivial
extension of using multiple secret PIN values in an ATM machine to
using multiple passwords in a more general computing device, as
described in Claim 1, is neither novel nor non-obvious.
Claim 18 describes a means whereby a user elects to log in under
various levels of access control based on the credentials he provides
at the time of authentication. For years, systems have existed that
currently allow the same agents to manage multiple user accounts, each
account with its own level of access. The applicant is claiming that
rather than map unique username+password combinations to unique sets
of access rules, the system should map unique (username, password)
tuples to unique sets of access rules. The security semantics of such
a change in mapping are weak, and, as other respondents have pointed
out, the existence of numerous well-established RBAC schemes challenge
the applicant's claim to his invention's novelty and non-obviousness.Jonathan Leffler (10 months ago)
It strikes me that the idea of different passwords providing different levels of access is not very novel. In a role-based access control (RBAC) system, you need to iauthenticate yourself, and if you have different levels of access, you will use different authentication information - equivalent to different passwords. The two cited prior art items cover the feigned access ideas. RBAC is an ANSI standard: ANSI INCITS 359-2004. There is a discussion of this standard in IEEE Security & Privacy for Nov/Dec 2007.PEER TO PATENT ACTIVITY
All
Discuss Patent Applications
8 comments posted
Size of Community: 11
8 comments posted
Size of Community: 11
Upload + Explain Prior Art
4 submitted
4 submitted
Annotate and Evaluate Prior Art
4 prior art ratings
4 citations
4 prior art ratings
4 citations
Research Prior Art
0 research notes
0 research notes
WHAT IS THIS APPLICATION ABOUT
