On Aug 20, 2013, at 1:38 PM, Perry E. Metzger wrote: > What is the current state of patents on elliptic curve cryptosystems? > (It would also be useful to know when the patents on such patents as > exist end.) As the Wikipedia article http://en.wikipedia.org/wiki/ECC_patents makes clear, the situation is ... unclear. Certicom has a large number of patents, the most general of which seems to be http://www.google.com/patents/US6141420, which has a priority date of July 29, 1994 and a filing date of Jan 29, 1997 - so has another 3.5 years to go. It also holds many other patents - the NSA says more than 130 related patents. But their validity is unclear: The only lawsuit mentioned (Certicom went after Sony) was settled, but Sony at the time was claiming prior art. RSA asserts (but says this isn't a legal opinion) that all of Certicom's patents are on particular implementation techniques, and that other techniques can be used to avoid the patents. There are related patents held by everyone from Cylink to HP to Apple.
With no cases argued all the way through, it's impossible to evaluate the strength or actual breadth of the claims. The situation is unsettled enough that commercial implementors will generally avoid treading in the area except for the particular curve that NSA licensed and allowed for general use. RSA seems willing to challenge that position: As part of its BSAFE library, it provides elliptic curve implementations over a variety of curves, not, it seems, just the one NSA licensed (http://www.emc.com/collateral/data-sheet/11433-bsafe-tech-table.pdf). -- Jerry > Perry > -- > Perry E. Metzger pe...@piermont.com > _______________________________________________ > The cryptography mailing list > cryptography@metzdowd.com > http://www.metzdowd.com/mailman/listinfo/cryptography _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
