[Cryptography] [cryptography] Dual EC backdoor was patented by Certicom?

ianG iang at iang.org
Wed Jun 18 13:55:54 EDT 2014 

On 16/06/2014 15:45 pm, Jerry Leichter wrote:
> On Jun 16, 2014, at 8:34 AM, ianG <iang at iang.org> wrote:
>> Indeed.  I'm fascinated to understand Certicom's business thinking.
>> What is the business model behind patenting backdoors?
> There may not be any, as such.  In 2005, patent trolls were still a minor part of the patent landscape.  Most lawsuits were between big companies, and the most important thing to have in your war chest in such a battle is a large collection of patents you can trade to fend of an attacker.
> 
> In addition, if you're trying to prove that you're a significant company in a technical field, being able to say you're "one of the top three patent holders world-wide in cryptographic algorithms" (or whatever low number you can hope to put in there; I'll bet IBM is number 1 even today) is good for your marketing position.


I wouldn't be surprised if this was it.  Or, they claim it is the reason
in PR.  Basically, a company that patents everything in the space they
can think of, without deep analysis or oversight.

  "Hey boss, I just invented a weapon of mass crypto destruction!"

  "Top gun!  Patent it quick, here's a bonus!"


Michael said:
> One possible answer is to sell into markets that require
> backdoors. If some future (or present, secret) legislation
> were to require RNG escrow, Clipper style, Certicom would
> hold a valuable patent.


Right.  That would be first order analysis, there's a market, let's
patent into it.  Second order analysis would be to ask ones customers
what they think about such a proposal, and try and and work out how it
fits with everything else.

Third order analysis would be to ask about the correlation between
ex-customers and those who were asked about the backdoor strategy.

The term of art for this sort of sales action is conflict of interest.
The product that Certicom are trying to patent and eventually benefit
from raises a conflict of interest with ... just about all of their
customers.

  "Wait, you knew there was a backdoor in our RNG since 2005 and waited
for the patent to clear before telling us?"



iang

More information about the cryptography mailing list