Apple Patents Power Charger Password Recovery - InformationWeek
01:32 PM

Apple Patents Power Charger Password Recovery

Microchip embedded in a power supply or other peripheral could help recover forgotten laptop or smartphone passwords.

Inside Apple's New Grand Central Super Store
Inside Apple's New Grand Central Super Store
(click image for larger view and for slideshow)
Have you forgotten the password you need to log onto your laptop or smartphone? In the future, your power charger may help bail you out.

That's according to a new patent, received by Apple last week, which proposes embedding password recovery secrets--or even encrypted passwords--in a microchip that's placed inside a power adapter, then paired with a specific smartphone or laptop.

Power adapters, however, aren't the only candidates for storing backup passwords. In its patent application, first filed on July 1, 2010 by Apple's VP of software technology, Guy Tribble, Apple said that passwords or recovery secrets could be stored on any "peripheral or companion device"--including a wireless router, backup drive, external monitor, or even flash drive--together with a fingerprint that ties the password to a specific device. Then, whenever the laptop or smartphone and the peripheral device were connected, an automatic handshake could automatically unlock any stored password or password recovery secret. Or if the devices hadn't yet been paired, the operating system might suggest that users store a backup password on the peripheral device.

[ Are Passphrases A Viable Alternative To Passwords? ]

According to Apple, the benefits of this password-backup approach would be two-fold. First, people would have an easy way to log into their device in the event that they forget a password. Second, people would be more likely to use unique passwords--which are much tougher for attackers to crack--if they knew that those passwords could be easily recovered if forgotten. This, in turn, would help stop more opportunistic thieves--who steal devices from people when they're out and about--from recovering any information off of a stolen device.

Notably, any stored password--or password hint--would be encrypted using a large, unique number to make recovering it via a brute-force attack difficult. The same password, or completely different passwords, could also be distributed to different peripherals. Then, if a user needed to recover a given password, they could initiate a password-recovery process, at which point they would be prompted to plug in a specified peripheral which contained the required password. Alternately, users could store only password hints and plug in the correct peripheral to retrieve those.

Apple said the impetus for its new password-recovery approach was to protect mobile devices. "Although it can be difficult to provide both convenient password recovery and security in all use scenarios, one increasingly important scenario involves protecting a portable computing device when a user carries the device separately from a commonly associated peripheral device," according to Apple's patent filing.

In other words, Apple's security approach has a caveat: it's predicated on users not carrying a paired power adapter--or other peripheral with password-recovery information--with the device. Of course, given the pesky battery life (or lack thereof) that many types of mobile devices sport, in fact users will often be carrying power adapters with them. Accordingly, what happens if attackers manage to steal both a laptop or smartphone, as well as a power adapter containing password data for the device? To help mitigate those types of scenarios, Apple's patent also proposes using a server to add a third layer of security.

Database access controls keep information out of the wrong hands. Limit who sees what to stop leaks--accidental and otherwise. Also in the new, all-digital Dark Reading supplement: Why user provisioning isn't as simple as it sounds. Download the supplement now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
1/13/2012 | 5:56:20 PM
re: Apple Patents Power Charger Password Recovery
Apple is filing so many patents from last year as a recent patent, excluding the one above, to use the 3D GUI tech in iDevices has also been filed (etechmagdotcom). But I'm unable to understand why companies sue Apple and why Apple is involved in many patents suits with half a dozen companies all over the globe...
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll