Two-factor authentication has become a popular way to heighten log-on security, used by many Internet companies and financial institutions. Now, controversial Megaupload Web site owner Kim Dotcom says he owns the patent for the process.
In a tweet on Thursday, Dotcom wrote that "Google, Facebook, Twitter, Citibank, etc., offer Two-Step-Authentication. Massive IP infringement by U.S. companies. My innovation. My patent."
About a half-hour after the "massive IP infringement" message, Dotcom tweeted: "Google, Facebook, Twitter, I ask you for help. We are all in the same DMCA boat. Use my patent for free. But please help funding my defense." None of the named companies have commented on his tweets. DMCA refers to the U.S. Digital Millennium Copyright Act, which Megaupload has been accused of violating.
Dotcom's legal issues stem from his arrest by U.S. federal agencies in January at his New Zealand mansion for illegally serving copyright-protected material through his Megaupload Web site. Eighteen luxury cars and what were reportedly millions of dollars in artwork and electronics were seized by authorities. When arrested, police said, he was inside one of six safe rooms in the mansion, holding a weapon that appeared to be a sawed-off shotgun.
He contends that the legal costs of fighting copyright infringement charges will be more than $50 million. A hearing is set for late summer on a request from U.S. authorities for his extradition. In early March, the New Zealand Court of Appeal ruled that the U.S. did not have to show all of its evidence against Dotcom in order to obtain his extradition, but could simply present a summary.
The patent Dotcom referred to, US6078908, was filed in 1998 and published in June 2000. Entitled "Method for authorizing in data transmission systems," it lists the inventor as Kim Schmitz, the original name of the German native, who now lives in New Zealand. He legally changed his name in 2005.
In the first step described in the patent's Abstract, a user "sends a qualifying identification" with a request for "the generation or for the selection of a transaction authorization number" (TAN) or a password. The authorization computer then generates the TAN or a password and sends them "over a second transmission path different from the first transmission path," such as through a pager, and the user then enters and sends the TAN or password.
Two-factor authentication, also known as two-step or multi-factor authentication, involves using some additional piece of information that could not be hacked from the computer you're attempting to log onto, such as your phone number, a code sent to a pager or a smartphone, or a generated code in a separate piece of hardware.
Some observers have noted that Dotcom's claims to a valid patent that could withstand legal challenges are dubious, because of the probable existence of prior art. Prior art involves the same or similar methods or devices that were patented, or simply in use, prior to the patent in question. Ericsson and Nokia in particular may have been involved in similar two-factor authentication as early as 1995.