Apple Patents Power Charger Password Recovery - InformationWeek
01:32 PM
Building Security for the IoT
Nov 09, 2017
In this webcast, experts discuss the most effective approaches to securing Internet-enabled system ...Read More>>

Apple Patents Power Charger Password Recovery

Microchip embedded in a power supply or other peripheral could help recover forgotten laptop or smartphone passwords.

Inside Apple's New Grand Central Super Store
Inside Apple's New Grand Central Super Store
(click image for larger view and for slideshow)
Have you forgotten the password you need to log onto your laptop or smartphone? In the future, your power charger may help bail you out.

That's according to a new patent, received by Apple last week, which proposes embedding password recovery secrets--or even encrypted passwords--in a microchip that's placed inside a power adapter, then paired with a specific smartphone or laptop.

Power adapters, however, aren't the only candidates for storing backup passwords. In its patent application, first filed on July 1, 2010 by Apple's VP of software technology, Guy Tribble, Apple said that passwords or recovery secrets could be stored on any "peripheral or companion device"--including a wireless router, backup drive, external monitor, or even flash drive--together with a fingerprint that ties the password to a specific device. Then, whenever the laptop or smartphone and the peripheral device were connected, an automatic handshake could automatically unlock any stored password or password recovery secret. Or if the devices hadn't yet been paired, the operating system might suggest that users store a backup password on the peripheral device.

[ Are Passphrases A Viable Alternative To Passwords? ]

According to Apple, the benefits of this password-backup approach would be two-fold. First, people would have an easy way to log into their device in the event that they forget a password. Second, people would be more likely to use unique passwords--which are much tougher for attackers to crack--if they knew that those passwords could be easily recovered if forgotten. This, in turn, would help stop more opportunistic thieves--who steal devices from people when they're out and about--from recovering any information off of a stolen device.

Notably, any stored password--or password hint--would be encrypted using a large, unique number to make recovering it via a brute-force attack difficult. The same password, or completely different passwords, could also be distributed to different peripherals. Then, if a user needed to recover a given password, they could initiate a password-recovery process, at which point they would be prompted to plug in a specified peripheral which contained the required password. Alternately, users could store only password hints and plug in the correct peripheral to retrieve those.

Apple said the impetus for its new password-recovery approach was to protect mobile devices. "Although it can be difficult to provide both convenient password recovery and security in all use scenarios, one increasingly important scenario involves protecting a portable computing device when a user carries the device separately from a commonly associated peripheral device," according to Apple's patent filing.

In other words, Apple's security approach has a caveat: it's predicated on users not carrying a paired power adapter--or other peripheral with password-recovery information--with the device. Of course, given the pesky battery life (or lack thereof) that many types of mobile devices sport, in fact users will often be carrying power adapters with them. Accordingly, what happens if attackers manage to steal both a laptop or smartphone, as well as a power adapter containing password data for the device? To help mitigate those types of scenarios, Apple's patent also proposes using a server to add a third layer of security.

Database access controls keep information out of the wrong hands. Limit who sees what to stop leaks--accidental and otherwise. Also in the new, all-digital Dark Reading supplement: Why user provisioning isn't as simple as it sounds. Download the supplement now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
1/13/2012 | 5:56:20 PM
re: Apple Patents Power Charger Password Recovery
Apple is filing so many patents from last year as a recent patent, excluding the one above, to use the 3D GUI tech in iDevices has also been filed (etechmagdotcom). But I'm unable to understand why companies sue Apple and why Apple is involved in many patents suits with half a dozen companies all over the globe...
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll