[Cryptography] Large companies sued for using Elliptic Curve TLS?
hughejp at me.com
Tue Dec 1 13:28:28 EST 2015
> On Dec 1, 2015, at 7:08 AM, John Levine <johnl at iecc.com> wrote:
> In article <20151201070719.10e0cafa at jabberwock.cb.piermont.com>
> The patent in question is 6,202,150. Here's the first claim:
>> 1. A method and apparatus for generating public keys and a proof that
>> the keys were generated by a specific algorithm comprising the steps of:
>> the user's system generating a random string of bits based on system
>> the user running a key generation algorithm to get a secret key and
>> public key using the random string and public parameters;
>> the user constructing a proof being a string of bits whose public
>> availability does not compromise the secret key and wherein said
>> constructing of said proof requires access to said secret key, but at
>> the same time said proof provides confidence to at least one of a
>> plurality of other entities that said public key was generated
>> properly by the specified algorithm, and wherein said confidence is
>> gained without having access to any portion of said secret key.
> Perhaps I'm dim, but isn't that just a description of certificate
> signing? It couldn't possibly have been novel in 1997 when this
> patent was filed.
A Certificate does not offer “proof" that the “public key was generated properly”. It proves the identity of the public key. Unless they are not using a normal term for “proof” and/or “properly", I find this hard to believe that an EC public key can be “proven” that it was generated properly.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography