Twitter has finally got itself two-factor authentication in a bid to help stem the flow of account hacking. Following Twitter’s announcement, Kim Schmitz (better known as Kim Dotcom), the man behind Megaupload (you know, that file sharing site in a spot of hot water over in the US right now), made an announcement of his own: he, in fact, was the inventor of two-factor authentication, and holds a patent for it.
So is this true? IPCopy delves into the public records…
Well, Kim Schmitz does indeed hold US patent US6078908 which is directed to two-factor authentication. The priority date is impressively early: 29 April 1997. A quick look at the public record tells us that there are equivalent patents and applications all over the place, including Taiwan, Japan, Europe, China, Brazil, and Australia.
It seems on the face of it, then, to be a fair claim: Kim Schmitz holds a granted US patent, and we might therefore presume that he invented the two-factor authentication system.
But was he the first inventor? And, more importantly, is the patent actually valid?
A question rather too complicated for a Thursday lunch time’s blog post, but we’ll take it for a quick spin in any case. A look at the EPO register for the equivalent European patent reveals that the European patent was granted, but subsequently opposed and then revoked in its entirety in 2011.
The key prior art document in the opposition was EP0745961, owned by AT&T, with an earlier priority date of 31 May 1995. Interestingly, AT&T’s US equivalent US5708422 is granted, and still appears to be in force.
In the view of the EPO’s opposition division then, Kim Dotcom’s patent is not valid, and while Kim Dotcom may indeed have developed two-factor authentication himself, he was not the first inventor, having been pipped at the post (by a good 2 years!) by someone else.
Kim Dotcom claims not to have enforced his patent against a string of alleged infringers because he believes in sharing knowledge and ideas. Noble indeed, but this IPCopy writer wonders if dubious validity might just have been an influencing factor too?
Update (24 May 2013): Kim Dotcom confirmed via Twitter last night that his EP patent was challenged and revoked but that 14 other territories (including the US) “remain intact”. He also suggested that the claims of his revoked EP patent were broader and different those in the other territories. This may well be the case but without an exhaustive analysis of each granted patent (which we’ve not done) it would be difficult to tell. All IPcopy can confirm is that the EP patent is no more. The US patent and the other granted patents may be valid over the known prior art. Perhaps other blogs in these other territories will take a look?
Emily Weal 23 May 2013
IPcopy 
[…] Dotcom does have a US patent (using his original name of Kim Schmitz) on two-factor authentication, filed in 1998 and granted in 2000. He also used to have an equivalent patent in Europe. But Dotcom’s European patent was revoked in 2011 largely because AT&T had a patent on the same technology with a priority date from 1995. (Thanks to Emily Weal of patent law firm Keltie for pointing out Dotcom’s European patent travails in the IP Copy blog.) […]
[…] Dotcom does have a US patent (using his original name of Kim Schmitz) on two-factor authentication, filed in 1998 and granted in 2000. He also used to have an equivalent patent in Europe. But Dotcom’s European patent was revoked in 2011 largely because AT&T had a patent on the same technology with a priority date from 1995. (Thanks to Emily Weal of patent law firm Keltie for pointing out Dotcom’s European patent travails in the IP Copy blog.) […]
[…] Dotcom does have a US patent (using his original name of Kim Schmitz) on two-factor authentication, filed in 1998 and granted in 2000. He also used to have an equivalent patent in Europe. But Dotcom’s European patent was revoked in 2011 largely because AT&T had a patent on the same technology with a priority date from 1995. (Thanks to Emily Weal of patent law firm Keltie for pointing out Dotcom’s European patent travails in the IP Copy blog.) […]
[…] Dotcom does have a US patent (using his original name of Kim Schmitz) on two-factor authentication, filed in 1998 and granted in 2000. He also used to have an equivalent patent in Europe. But Dotcom’s European patent was revoked in 2011 largely because AT&T had a patent on the same technology with a priority date from 1995. (Thanks to Emily Weal of patent law firm Keltie for pointing out Dotcom’s European patent travails in the IP Copy blog.) […]
[…] Emily Weal during a IPCopy site points out […]
An interesting aspect is that, contrary to what he claims, Mr. Dotcom clearly didn’t start pondering just now the idea of suing everybody in sight with that patent. Looking in the opposition file, Dotcom’s patent attorneys asked for the proceedings to be accelerated already in January 2010 because, according to them, “the patentee is considering legal enforcement of his US patent”. It’s here, in German:
https://register.epo.org/espacenet/application?documentId=EPV3JPRS0966J10&number=EP98100688&lng=en&npl=false
So, the “evil Yanks made me do it” defence doesn’t hold. Also, if he can’t afford to pay his defence in the criminal proceedings against him, it seems a little strange to threaten with patent litigation, which is a far more expensive game for everyone involved…
[…] Dotcom does have a US patent (using his original name of Kim Schmitz) on two-factor authentication, filed in 1998 and granted in 2000. He also used to have an equivalent patent in Europe. But Dotcom’s European patent was revoked in 2011 largely because AT&T had a patent on the same technology with a priority date from 1995. (Thanks to Emily Weal of patent law firm Keltie for pointing out Dotcom’s European patent travails in the IP Copy blog.) […]
[…] Dotcom does have a US patent (using his original name of Kim Schmitz) on two-factor authentication, filed in 1998 and granted in 2000. He also used to have an equivalent patent in Europe. But Dotcom’s European patent was revoked in 2011 largely because AT&T had a patent on the same technology with a priority date from 1995. (Thanks to Emily Weal of patent law firm Keltie for pointing out Dotcom’s European patent travails in the IP Copy blog.) […]
[…] Dotcom may not have the air-tight case he believes he does. IPCopy wrote on Thursday that while the Megaupload founder does hold a patent for a form of two-step authentication, he […]