[Cryptography] Large companies sued for using Elliptic Curve TLS?

Bill Cox waywardgeek at gmail.com
Tue Dec 1 15:57:34 EST 2015

On Tue, Dec 1, 2015 at 9:48 AM, Phillip Hallam-Baker <phill at hallambaker.com>

> I suspect that the basis of their claim is that shared ECC parameters are
> part of the public key and those are in fact subject to public review, see
> CFRG process. But that also fails. "wherein said constructing of said proof
> requires access to said secret key" The generation of a curve does not
> require knowledge of any private key in any of the crypto schemes we use.
> The generation of shared parameters does not require knowledge of a private
> key by definition.

These claims all rely on generating a "random" secret using "system
parameters".  The term only appears in the claims, not the text, which is a
problem for the claims, since they must be clearly understandable from the
patent body.  The patent body talks about specific methods for generating
"random" secrets only in the context of key escrow, which no one does (or
at least they don't admit it).

However, patent trolls like this are in it not to win, but to get a small
payment from a zillion companies that would rather pay the small amount
than go to trial, potentially costing ~$1M or more.  They seem to have not
bothered suing companies known for fighting patent trolls.  This is a basic
shakedown, IMO.

Man, our patent system bites.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151201/5df9809b/attachment.html>

More information about the cryptography mailing list