On 2014-06-15 19:24, Tanja Lange wrote:
On Sun, Jun 15, 2014 at 02:13:04PM +0100, ianG wrote:
Or is this impossible to reconcile? If Certicom is patenting backdoors,
the only plausible way I can think of this is that it intends to wield
backdoors. Which means spying and hacking. Certicom is now engaged in
the business of spying on ... customers? Foreign governments?
Note that the majority of the claims (and the entirety of the granted
claims in the US and JP so far; they got all parts granted in Europe)
is on escrow avoidance; i.e. on using the procedure for alternative
points from the SP800-90 appendix. I.e. if a vendor gets sufficiently
worried about the potential backdoor but doesn't want to do a completely
new implementation he will opt for other points ---> royalties.
I looked at the primary documents in the USPTO databases. The part that
is missing from the US patent 8,369,213 (i.e. missing from the original
filing and the European patent I suppose) is now in the pending patent
application US-2013-0170642-a1.
Are these inventors claiming to have *invented* the backdoor in this
PRNG method? At least an USPTO examiner hints at this: "[claims now in
US-2013-0170642-A1] are drawn to establish escrow key with elliptical
curve random number generator." The inventors *describe* the escrow
technique but need not *claim* it.
Note also that the earliest (USA) filing date is 2005/01/21 as a
provisional US patent application number 60/644982.
In contrast, I would have said that Certicom's responsibility as a
participant in Internet security is to declare and damn an exploit, not
bury it in a submarine patent.
Technically, this is not a submarine patent. The publication date is
2007/08/16 (soon after the international-treaty-based 18 months delay
after the filing date applicable to the non-USA patent jurisdictions)
and anyone could have access to this information by then.
Sometimes I think a little more patent literacy might help. E.g. a
self-defense behavior for some system designer relying on the ECC
techniques would include a periodic look at patent applications freshly
published in this area and/or by the known players.
Fascinating case study anyway!
Regards,
- Thierry Moreau
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
