Monday, June 21, 1999
Protecting networks: simple idea
I saw a post about how difficult it can be to exploit an invention. I thought I'd mention some stuff from my experience in this area.
About six years ago I came up with this idea for protecting networks. It's best communicated with an example.
Say you have an Intranet to which you want to allow employees access away from the office. So, you put up the firewalls and give them passwords, but people are notorious for leaving passwords lying around or picking simple ones like "password".
Well, how's this for simple? Have the pc they connect with keep up with how long they're online and the pc they connect with does so as well. Then whenever they connect, besides their password, the pc sends a number based on the length of previous connections.
Of course, it could work in other places as well and would just be an additional layer along with digital encryption. There's a bonus as well. Say your network is invaded by someone who happens to get the right information. The next time the valid user connects, there's a red flag and you know your network has been violated.
I think of it as a way to make a wireless connection like a physical connection. It's like how the telephone company doesn't worry about people stealing your phone service from your home phone because it's physically wired.
In fact, this idea originally came to me as a way to prevent cellular "cloning" (basically stealing cellular service). Well, I pitched it to several major phone companies and was basically ignored. I talked to an engineer who said it would be too hard to implement.
I decided to patent it and made the mistake of getting a patent attorney who cost me $5,000 but couldn't convince the patent examiner that it was a unique idea. And as for the patent examiner, maybe he was in league with the attorney (who billed at $150/hr), since none of the patents he came up with to contest uniqueness had anything to do with my idea (they all had to do with time-date stamps, which only relates tangentially).
So, broke…I gave up. I sometimes wonder if anyone is using such a simple notion. Like I said, it is about six years old. Has cellular cloning been handled? I see hackers can even get into federal sites (which doesn't surprise me since the government is stupid).
About six years ago I came up with this idea for protecting networks. It's best communicated with an example.
Say you have an Intranet to which you want to allow employees access away from the office. So, you put up the firewalls and give them passwords, but people are notorious for leaving passwords lying around or picking simple ones like "password".
Well, how's this for simple? Have the pc they connect with keep up with how long they're online and the pc they connect with does so as well. Then whenever they connect, besides their password, the pc sends a number based on the length of previous connections.
Of course, it could work in other places as well and would just be an additional layer along with digital encryption. There's a bonus as well. Say your network is invaded by someone who happens to get the right information. The next time the valid user connects, there's a red flag and you know your network has been violated.
I think of it as a way to make a wireless connection like a physical connection. It's like how the telephone company doesn't worry about people stealing your phone service from your home phone because it's physically wired.
In fact, this idea originally came to me as a way to prevent cellular "cloning" (basically stealing cellular service). Well, I pitched it to several major phone companies and was basically ignored. I talked to an engineer who said it would be too hard to implement.
I decided to patent it and made the mistake of getting a patent attorney who cost me $5,000 but couldn't convince the patent examiner that it was a unique idea. And as for the patent examiner, maybe he was in league with the attorney (who billed at $150/hr), since none of the patents he came up with to contest uniqueness had anything to do with my idea (they all had to do with time-date stamps, which only relates tangentially).
So, broke…I gave up. I sometimes wonder if anyone is using such a simple notion. Like I said, it is about six years old. Has cellular cloning been handled? I see hackers can even get into federal sites (which doesn't surprise me since the government is stupid).
# posted by James Harris @ 00:36 
