>
>
> One way out or the morass would be to have a reference implementation
> known not to infringe.
Absent a statement by (all) relevant patent holders, you never "know" that
something doesn't infringe. At most, you know that the patent holder(s) have
not (yet) filed suit.
You may also think that the patent is invalid. Consider claim 1 of the second
patent David cited:
1. A method for validating digital information transmitted in a data
communication system, said method comprising the steps of:
a) obtaining an elliptic curve public key generated from a corresponding
private key in accordance with an elliptic curve cryptographic scheme, said
scheme conforming to a predetermined arithmetic algorithm and said scheme
conforming to defined system parameters including an elliptic curve defined
over a finite field,
b) upon obtaining said public key, verifying said public key is a point lying
on said curve, and
c) utilising said public key in a cryptographic operation within said
cryptographic scheme upon obtaining such verification.
Claims 2, 3, and 4 are even worse:
2. A method according to claim 1 wherein verification that said point is on
said curve is performed by substituting said point in said curve.
3. A method according to claim 1 wherein said verification is performed by a
certifying authority included in said cryptographic scheme.
4. A method according to claim 3 including the step of incorporating within a
certificate an indication that said public key has been verified.
You may think that it's a mind-bogglingly obvious test to want to do. I might
think that. The patent office, however, was persuaded that it wasn't obvious.
According to law, that means that the patent is presumed valid. As Marsh has
noted, patent litigation is *very* expensive. And remember that you have to
persuade a jury of N high school graduates -- if you're lucky -- that the
experts in the patent office got it wrong.
Yes, this is FUD. Do you have deep enough pockets to fight them? Remember
that the NSA chose to license the patents instead of fighting.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
