Apple invention would allow for peripheral-based authentication, password recovery

Posted:
in Future Apple Hardware edited January 2014
A newly granted patent would allow owners of Apple devices to retrieve passwords by connecting to a specific peripheral, potentially eliminating the need for traditional recovery methods.

patent


The U.S. Patent and Trademark Office revealed on Tuesday that Apple was awarded U.S. Patent No. 8,429,760, which covers "a system and method for storing a password recovery secret." The patent, originally filed for in July of 2010, details a system that would tie part of the password recovery process to "a commonly associated peripheral device," such as a power cord.

The filing notes that in existing password recovery methods, users have number of possible options, including logging in as an administrator to reset the password or to enter a password recovery phrase. These are incomplete, the filing argues, as users can forget the particulars of any one answer. Biometrics, too, are insufficient, as the user may be absent ? or even dead ? when the password needs resetting.

Apple's proposed recovery process would not work with just any given power cord. Instead, specific information would be stored on the peripheral, possibly in the form of a universal unique identifier (UUID) that would allow the computer to know that the person trying to access it was in fact the rightful owner.

The filing gives a number of possible peripherals that could serve as a password protector, including printers, portable hard drives, wireless routers, flash drives, smartphones, and external monitors. Using such a device, the filing says, would protect against unwarranted access using the recovery method, since a user would be less likely to take, say, a printer or power cord out with them where a device could get stolen.

The filing has yet to materialize as a feature in any Apple products, but the groundwork for its implementation could already exist. Apple's Lightning connector standard, unveiled in September, is known to contain embedded authentication chips allowing Apple to identify manufacturers. The standard also allows for additional component embedding, as is the case with Apple's Digital AV Adapter for Lightning connectors, which features a complete ARM system on a chip with 256 megabytes of RAM.

This sort of device-specific authentication was also hinted at by Bruce Tognazzini ? who created Apple's Human Interface Guidelines ? when he opined earlier this year about the possibilities of an Apple iWatch. The iWatch, Tognazzini wrote, would allow for simple two-factor authentication much in the way described in the patent, which also mentions "a mobile device" among the possible peripherals that could initiate the password recovery feature.

Comments

  • Reply 1 of 7
    moxommoxom Posts: 326member


    Interesting...

  • Reply 2 of 7
    mdriftmeyermdriftmeyer Posts: 7,503member
    54 more patents granted today. Apple R&D is really ramping up. It's IP numbers for 2013 are set to nearly double those granted in 2012. At the rate they are going they will eclipse 2000 granted patents for 2013.
  • Reply 3 of 7
    solipsismxsolipsismx Posts: 19,566member
    I read this and think of wearable peripherals being tied to a primary device. For instance, an iWatch that will connect wirelessly to a device for authentication then auto-login when it registers you within a certain distance from the device.
  • Reply 4 of 7
    kdarlingkdarling Posts: 1,640member

    Quote:

    Originally Posted by AppleInsider View Post



    Using such a device, the filing says, would protect against unwarranted access using the recovery method, since a user would be less likely to take, say, a printer or power cord out with them where a device could get stolen.


     


    Interesting idea for portable devices, perhaps. But for laptops or desktops that tend to be connected in one spot?


     


    If this was implemented, it would quickly become known, and thieves would be sure to take all the peripherals with them when they rob a house.  


     


    It also sounds like it'd be a lot easier to sneak into anyone's computer that you had access to at home, school or the office.  Just figure out which of the few cables or peripherals they own is the password recovery holder.

  • Reply 5 of 7
    andreidandreid Posts: 96member

    Quote:

    Originally Posted by SolipsismX View Post



    I read this and think of wearable peripherals being tied to a primary device. For instance, an iWatch that will connect wirelessly to a device for authentication then auto-login when it registers you within a certain distance from the device.


    Hey that's actually a good idea! 

  • Reply 6 of 7
    lafelafe Posts: 252member
    kdarling wrote: »

    If this was implemented, it would quickly become known, and thieves would be sure to take all the peripherals with them when they rob a house.  

    It also sounds like it'd be a lot easier to sneak into anyone's computer that you had access to at home, school or the office.  Just figure out which of the few cables or peripherals they own is the password recovery holder.

    Disagree. I imagine the "key" peripheral device might be a beat-up, old USB flash drive in the safe. Or a cable that's upstairs in the kitchen, used to charge an iPhone, but you plug it into the computer downstairs when you want to reset a password. The possibilities are endless. You could dream up all kinds of things that a thief would never guess.
  • Reply 7 of 7
    gatorguygatorguy Posts: 24,176member


    The FIDO Alliance is also working on an authentication system that doesn't rely on passwords. It looks as tho they're considering a few different methods before settling on a standard.


    http://fidoalliance.org/how-it-works.html

Sign In or Register to comment.