[Cryptography] Large companies sued for using Elliptic Curve TLS?

Allen allenpmd at gmail.com
Tue Dec 1 09:44:13 EST 2015

I didn't look up the cases in PACER but the paperwork looks real.  It
alleges infringement of Claim 1 in


A method is provided for an escrow cryptosystem that is overhead-free, does
not require a cryptographic tamper-proof hardware implementation (i.e., can
be done in software), is publicly verifiable, and cannot be used
subliminally to enable a shadow public key system. A shadow public key
system is an unescrowed public key system that is publicly displayed in a
covert fashion. The key generated by the method are auto-recoverable and
auto-certifiable (abbrev. ARC). The ARC Cryptosystem is based on a key
generation mechanism that outputs a public/private key pair, and a
certificate of proof that the key was generated according to the algorithm.
Each generated public/private key pair can be verified efficiently to be
escrowed properly by anyone. The verification procedure does not use the
private key. Hence, the general public has an efficient way of making sure
that any given individual's private key is escrowed properly, and the
trusted authorities will be able to access the private key if needed. Since
the verification can be performed by anyone, there is no need for a special
trusted entity, known in the art as a “trusted third party”. The
cryptosystem is overhead free since there is no additional protocol
interaction between the user who generates his or her own key, and the
certification authority or the escrow authorities, in comparison to what is
required to submit the public key itself in regular certified public key
systems. Furthermore, the system is designed so that its internals can be
made publicly scrutinizable (e.g., it can be distributed in source code
form). This differs from many schemes which require that the escrowing
device be tamper-proof hardware.

What we claim is:
1. A method and apparatus for generating public keys and a proof that the
keys were generated by a specific algorithm comprising the steps of:
- the user's system generating a random string of bits based on system
- the user running a key generation algorithm to get a secret key and
public key using the random string and public parameters;
- the user constructing a proof being a string of bits whose public
availability does not compromise the secret key and wherein said
constructing of said proof requires access to said secret key, but at the
same time said proof provides confidence to at least one of a plurality of
other entities that said public key was generated properly by the specified
algorithm, and wherein said confidence is gained without having access to
any portion of said secret key.

Netflix has moved for dismissal on the grounds that

Claims 1-4 and 17 of U.S. Patent No. 6,202,150 (“the Asserted Claims”) are
indefinite under 35 U.S.C. § 112 as each claim is expressly directed to
both an apparatus and a method, in violation of Federal Circuit law
prohibiting a claim from covering more than one statutory class of subject
matter. As exemplified by claim 1 reproduced below, the plain language of
the Asserted Claims expressly recite “method and apparatus”. Accordingly,
and as further explained below, the grounds for invalidity of all the
Asserted Claims are manifest; no claim construction, discovery, or factual
inquiry is needed. This threshold issue disposes of the case. Moving
forward with the case would unnecessarily expend judicial and party
resources on unsustainable patent claims.

See https://regmedia.co.uk/2015/11/30/cryptopeaknetflixmotion.pdf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151201/d84cfb1f/attachment.html>

More information about the cryptography mailing list