[Cryptography] Large companies sued for using Elliptic Curve TLS?

John Levine johnl at iecc.com
Tue Dec 1 10:08:25 EST 2015

In article <20151201070719.10e0cafa at jabberwock.cb.piermont.com> you write:
>Anyone know anything about this? The claim is huge numbers of
>companies (that is, end users like Macy's and GoPro) are being sued by
>a patent troll for using elliptic curve cryptography on their web

The patent in question is 6,202,150.  Here's the first claim:

1. A method and apparatus for generating public keys and a proof that
 the keys were generated by a specific algorithm comprising the steps of:

 the user's system generating a random string of bits based on system

 the user running a key generation algorithm to get a secret key and
 public key using the random string and public parameters;

 the user constructing a proof being a string of bits whose public
 availability does not compromise the secret key and wherein said
 constructing of said proof requires access to said secret key, but at
 the same time said proof provides confidence to at least one of a
 plurality of other entities that said public key was generated
 properly by the specified algorithm, and wherein said confidence is
 gained without having access to any portion of said secret key.

Perhaps I'm dim, but isn't that just a description of certificate
signing?  It couldn't possibly have been novel in 1997 when this
patent was filed.

That suggests this is the usual shakedown in which the patent owner knows
it's invalid, but is willing to settle for less than it would cost to
invalidate it.


More information about the cryptography mailing list