Mobile
News
1/10/2012
01:32 PM
Connect Directly
RSS
E-Mail
50%
50%

Apple Patents Power Charger Password Recovery

Microchip embedded in a power supply or other peripheral could help recover forgotten laptop or smartphone passwords.

Inside Apple's New Grand Central Super Store
Inside Apple's New Grand Central Super Store
(click image for larger view and for slideshow)
Have you forgotten the password you need to log onto your laptop or smartphone? In the future, your power charger may help bail you out.

That's according to a new patent, received by Apple last week, which proposes embedding password recovery secrets--or even encrypted passwords--in a microchip that's placed inside a power adapter, then paired with a specific smartphone or laptop.

Power adapters, however, aren't the only candidates for storing backup passwords. In its patent application, first filed on July 1, 2010 by Apple's VP of software technology, Guy Tribble, Apple said that passwords or recovery secrets could be stored on any "peripheral or companion device"--including a wireless router, backup drive, external monitor, or even flash drive--together with a fingerprint that ties the password to a specific device. Then, whenever the laptop or smartphone and the peripheral device were connected, an automatic handshake could automatically unlock any stored password or password recovery secret. Or if the devices hadn't yet been paired, the operating system might suggest that users store a backup password on the peripheral device.

[ Are Passphrases A Viable Alternative To Passwords? ]

According to Apple, the benefits of this password-backup approach would be two-fold. First, people would have an easy way to log into their device in the event that they forget a password. Second, people would be more likely to use unique passwords--which are much tougher for attackers to crack--if they knew that those passwords could be easily recovered if forgotten. This, in turn, would help stop more opportunistic thieves--who steal devices from people when they're out and about--from recovering any information off of a stolen device.

Notably, any stored password--or password hint--would be encrypted using a large, unique number to make recovering it via a brute-force attack difficult. The same password, or completely different passwords, could also be distributed to different peripherals. Then, if a user needed to recover a given password, they could initiate a password-recovery process, at which point they would be prompted to plug in a specified peripheral which contained the required password. Alternately, users could store only password hints and plug in the correct peripheral to retrieve those.

Apple said the impetus for its new password-recovery approach was to protect mobile devices. "Although it can be difficult to provide both convenient password recovery and security in all use scenarios, one increasingly important scenario involves protecting a portable computing device when a user carries the device separately from a commonly associated peripheral device," according to Apple's patent filing.

In other words, Apple's security approach has a caveat: it's predicated on users not carrying a paired power adapter--or other peripheral with password-recovery information--with the device. Of course, given the pesky battery life (or lack thereof) that many types of mobile devices sport, in fact users will often be carrying power adapters with them. Accordingly, what happens if attackers manage to steal both a laptop or smartphone, as well as a power adapter containing password data for the device? To help mitigate those types of scenarios, Apple's patent also proposes using a server to add a third layer of security.

Database access controls keep information out of the wrong hands. Limit who sees what to stop leaks--accidental and otherwise. Also in the new, all-digital Dark Reading supplement: Why user provisioning isn't as simple as it sounds. Download the supplement now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
ZeeT
50%
50%
ZeeT,
User Rank: Apprentice
1/13/2012 | 5:56:20 PM
re: Apple Patents Power Charger Password Recovery
Apple is filing so many patents from last year as a recent patent, excluding the one above, to use the 3D GUI tech in iDevices has also been filed (etechmagdotcom). But I'm unable to understand why companies sue Apple and why Apple is involved in many patents suits with half a dozen companies all over the globe...
InformationWeek Elite 100
InformationWeek Elite 100
Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A UBM Tech Radio episode on the changing economics of Flash storage used in data tiering -- sponsored by Dell.
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.