[Cryptography] [cryptography] Dual EC backdoor was patented by Certicom?

ianG iang at iang.org
Thu Jun 19 07:18:41 EDT 2014


On 19/06/2014 00:21 am, John Gilmore wrote:
> Has anyone considered the idea that Certicom patented the back door so
> that they could sue anyone who tried to use it for the next 20 years?


Yes, that is what a patent is.  To prevent someone using an invention so
that a royalty can be extracted.


> Cryptography Research invented some cool attacks on smart cards that
> watch the chip's power consumption while it calculates crypto.  They
> not only patented the attack, to prevent others from deploying it at
> scale.  They also patented all the countermeasures they could think
> of.  Now every smart card maker ends up paying them to secure their
> chips against this attack (unless the maker invents a new
> countermeasure that CR didn't think of).


Right.  But that is commercial/competitive hardware, not open software
standards.  In software standards for the Internet, the emphasis is on
making a design freely available to the public.

The consensus is that the specs should have no patent encumbrance, and
can be freely used.

And, exploits are announced, damned, and fixed.  Not hoarded.  5 eyes,
we're looking at you...

And, it doesn't work to try and sue the industrial phishing machine.


> Ultimately this patent portfolio got CR acquired by Rambus in 2011 for
> $342M: they won the startup lottery.


Wow.  Funny side story:  the European smart card labs knew about this
stuff well before CR.  They kept it all secret, didn't patent anything.
And, lost business across to the upstart.

Big mistake ;-)



iang


