Sunday, May 18, 2008

Guardian Angel

From a recent US patent application

"An intelligent personalized agent monitors, regulates, and advises a user in decision-making processes for efficiency or safety concerns. The agent monitors an environment and present characteristics of a user and analyzes such information in view of stored preferences specific to one of multiple profiles of the user. Based on the analysis, the agent can suggest or automatically implement a solution to a given issue or problem. In addition, the agent can identify another potential issue that requires attention and suggests or implements action accordingly. Furthermore, the agent can communicate with other users or devices by providing and acquiring information to assist in future decisions. All aspects of environment observation, decision assistance, and external communication can be flexibly limited or allowed as desired by the user."

Twenty investors are listed, including Gates, William H. (Medina, WA) and Ozzie, Raymond E. (Seattle, WA). The presence of these two names on the patent application is attracting some attention from the blogosphere.

  • "a most unusual Microsoft patent application that should intrigue privacy advocates" [TheoDP]
  • "interesting and frightening at the same time" [Dennis Kudin on security]
  • "This sounds interesting at first glance, but also a little creepy. ... I'm not so sure I'd be terribly keen on having my device capable of some of those functions." []
There is some discussion in the comments to Bruce Schneier's blog about the extent of Bill's and Ray's contribution to this invention. Maybe it's true that Bill and Ray can attach their names to pretty much any Microsoft patent application if they choose. In which case the interesting question is what it was about this particular invention that attracted their interest.

The name "Guardian Angel" is leading some commentators to view this as a security mechanism, but it is clearly intended to provide much more than security, a comprehensive mechanism to provide presence and context, which are key elements of some of the things both Bill and Ray have talked about in the past.

There is also some discussion on Bruce's blog about the originality of the invention and the possibility of "prior art". You really can't tell this from the summary though; to assess this properly, you would need to look at the whole application including the diagrams, but I haven't managed to access the diagrams. Clearly there are other companies working on mechanisms for presence and context, including the telecoms companies. (I had a briefing on this very topic with Avaya recently, which I haven't had time to write up yet.)


  1. What would it take for an industry analyst to provide comprehensive coverage via blog entries on the work that OWASP is doing?

  2. For an answer to James's question, see my post on OWASP Coverage and browse the OWASP category on this blog.