Singable Passwords

My colleague Beth Noveck’s Peer-to-Patent project has been doing very interesting things in improving the quality of the patent system by opening up applications to public review. The goal isn’t just to invite more comments, it’s to build communities of experts who work collaboratively to make patent review faster and sharper. I poke around the site now and then, looking for interesting applications and interesting conversations (it’s fun; I recommend it). Here’s one that caught my eye:

Whitfield Diffie (yes, that Whitfield Diffie) has an application in for devising mnemonics to help people remember their randomly-generated passwords. The basic idea—have people remember something actually memorable, like oh, you know, words, rather than a bizarre stream of gibberish—has been around for a while. But Diffie and his co-inventor, William Woods, claim to have improved on this well-known idea by making the word sequences themselves meaningful in certain algorithmic ways.

This is a great patent for the application of community wisdom. I seriously doubt that claim 1 can or should survive in its present form; it’s just too absurdly broad:

A method for generating a word sequence for a passcode, comprising: choosing a schema to guide the generation of the word sequence; and transforming the passcode into the word sequence using the schema, wherein the word sequence contains mnemonic structure.

There’s got to be something out there that this claim would read on. If you know of that prior art, please sign up for the P2P site and submit it.

On the other hand, by the time you get into the nitty-gritty details of their various implementations, Diffie and Woods have some specific ideas that might be innovative: claims 13, 14, and 15, respectively, add rhythm, rhyme, and melody to the mix. I suspect that by the time the community gets done with this one, there’ll be prior art to narrow the broader claims, but some of the more specific ones might be okay. (Users of P2P have already found a talk on turning passwords into people’s names, but it’s not technically prior art because the talk postdates the patent application.)

One concern I have with this system, though, is that it could make passcodes not just memorable but catchy. It’s not so good for security if you start absentmindedly humming your passcode in the elevator.

The talk is not just “technically” not prior art, it’s not “prior” art at all. It doesn’t seem to me it ought to be characterized as a technicality where the reference postdates the filing.

Good point. I went with “technically” because I was thinking of the work behind the talk; that work might well have generated other talks &c. that would constitute prior art. I was being sloppy in failing to distinguish between work that can produce prior art, and actual prior art references.