Please give me money—love, Kim —

Kim Dotcom claims he invented two-factor authentication—but he wasn’t first

Dotcom patent was invalidated in EU. He still wants to be paid for "invention."

Out of nowhere, Kim Dotcom last night claimed to have invented a widely used and very important security technology known as two-factor authentication.

Just after Twitter launched a two-factor system, Dotcom tweeted that Twitter is "Using my invention" and also that "they won't even verify my Twitter account." He followed up by calling the use of two-step authentication by Google, Facebook, Twitter, Citibank, and others a "Massive IP infringement by U.S. companies. My innovation. My patent."

Dotcom does have a US patent (using his original name of Kim Schmitz) on two-factor authentication, filed in 1998 and granted in 2000. He also used to have an equivalent patent in Europe. But Dotcom's European patent was revoked in 2011 largely because AT&T had a patent on the same technology with a priority date from 1995. (Thanks to Emily Weal of patent law firm Keltie for pointing out Dotcom's European patent travails in the IP Copy blog.)

While Dotcom's patent in the US is still in force, AT&T also has a US patent pre-dating hisThe Guardian pointed out that Ericsson and Nokia also have patent filings for two-factor systems predating Dotcom's.

The two factors in two-factor authentication are generally something you know and something you have. You know your password and type it in to a website, and you have a device (typically a cell phone) that receives a one-time code from the online service and must be typed in as well. In such a system, a hacker has to steal your password and your authentication device to get in to your account. In addition to cell phones, products like RSA's SecurID devices can generate security keys for use in two-factor systems.

While Dotcom castigated major tech companies for stealing his invention, he tweeted, "I never sued them. I believe in sharing knowledge & ideas for the good of society. But I might sue them now cause of what the U.S. did to me."

But he may not want to spend the money to pursue such a lawsuit because of the ongoing US case against him for copyright infringement. Dotcom further tweeted that "All of our assets are still frozen without trial. Defending our case will cost USD 50M+. I want to fight to the end because we are innocent."

Instead of suing the likes of Google, Facebook, and Twitter, Dotcom offered an alternative: they can just pay him without going to trial. "Google, Facebook, Twitter, I ask you for help," he tweeted. "We are all in the same DMCA boat. Use my patent for free. But please help funding my defense."

UPDATE: Dotcom has since tweeted that "My U.S. 2FA patent has no prior art because it specifies the use of a mobile phone & SMS. Unfortunately my EU patent wasn't specific enough. The prior art that killed my EU patent was an old school pager."

The AT&T patent pre-dating Dotcom's does focus mostly on pagers, but notes that "it will be obvious to those skilled in the art that many other communications mechanisms may be used instead of, or in addition to, wireless paging devices. These mechanisms include, for example, cellular telephones, conventional wired telephones, personal computers, etc."

Dotcom's later patent filing similarly gives both pagers and cellular phones as examples of devices that could be used in two-factor authentication systems. Dotcom's patent makes 17 references to pagers or paging systems, 21 references to phones, and one reference to SMS.

Dotcom further tweeted that he is implementing two-factor authentication in his new storage service, Mega.

You must to comment.

Channel Ars Technica