I've been running secure open WiFi networks for the past three years, using hostapd and a patched RADIUS server to ignore the password. I.e., the user asks for a connection, gets the certificate from the RADIUS server through EAP, then the user is prompted for a username/password. The user is allowed to enter *any* username and *any* password; the "authentication" proceeds and simply grants access.
Presto, open WiFi, with private WPA2 encryption per client, and an SSL certificate from the access point which can be validated against. I don't know what IBM et al. have been doing, but this is readily available tech (patching the RADIUS server was/is not exactly rocket science) and it has worked since 2008, and it certainly is nothing exciting to get all fussy about at a Black Hat conference.
I see that they have a patent pending; this must be a joke (then again, the whole software patent system is a joke).