James A. Donald wrote:
[snip]
> I was under the impression that the use of ECC was obstructed by
> multiple extremely broad overlapping patents, each patenting much the
> same thing, but that if the NSA licenses you, your ass is covered. But
> for non government uses, NSA is presumably not going to license you, and
> cutting a deal with patent holders is going to be too arduous for any
> organization that does not have a menacing team of lawyers in house.
>
> What is the patent and licensing situation with that product? Did NSA
> license you to sell it to anyone?

First, I am not a lawyer, second, I may have misunderstood the intent of the laws governing patents issued to US Federal Agencies. Given these caveats, here is my understanding of the issues.

First, if asked for by the patent requesting US Federal Agency, a patent may be kept secret almost forever if it is deemed to be vital to the national security, so even if the patent has expired you would not know that it ever existed in the first place.

Second, the US Patent Office can be asked by a variety of US Federal Agencies and agencies designated to be part of the defense of the US to keep a patent secret essentially forever for the same national security reasons. There are a variety of caveats that apply that might limit the secrecy provisions but you'd better have a lot of bucks to fight it out.

Then there are also requirements in the US Patent law that require licensing of US Federally owned patents to promote the development of technology and science. There may be some interesting conflicts with the secrecy requirements that could be exploited. Again you'd better have a lot of money behind you.

There is an interesting quirk in the US Patent law, 35 USC 157 which states:

> §157. Statutory invention registration
> (a) Notwithstanding any other provision of this title, the Director is
> authorized to publish a statutory invention registration containing the
> specification and drawings of a regularly filed application for a patent
> without examination if the applicant--
>
> (1) meets the requirements of section 112 of this title;
> (2) has complied with the requirements for printing, as set forth in
> regulations of the Director;
> (3) waives the right to receive a patent on the invention within such
> period as may be prescribed by the Director; and
> (4) pays application, publication, and other processing fees established
> by the Director.
>
> If an interference is declared with respect to such an application, a
> statutory invention registration may not be published unless the issue of
> priority of invention is finally determined in favor of the applicant.
>
> (b) The waiver under subsection (a)(3) of this section by an applicant shall
> take effect upon publication of the statutory invention registration.
> (c) A statutory invention registration published pursuant to this section
> shall have all of the attributes specified for patents in this title except
> those specified in section 183 and sections 271 through 289 of this title. A
> statutory invention registration shall not have any of the attributes
> specified for patents in any other provision of law other than this title. A
> statutory invention registration published pursuant to this section shall
> give appropriate notice to the public, pursuant to regulations which the
> Director shall issue, of the preceding provisions of this subsection. The
> invention with respect to which a statutory invention certificate is
> published is not a patented invention for purposes of section 292 of this
> title.

For those wishing to read the details of 35 USC 112, you can find it at: http://www.bitlaw.com/source/35usc/112.html, but basically it just lays out the specifications required to obtain a patent.

What does this mean and how does it apply to FDE you are probably asking yourself, right? Think of it this way, cryptography, of which FDE is a sub-set, is best done out in the open so that it can be vetted by many eyes and not be subject to security by obscurity. Also there is the issue of FOSS and licensing that is tearing apart elements of the *nix community as well as outrageous claims by SCO, Microsoft, and the like, to ideas that truly should not be patented in the best interests of the public at large, partly because they were common knowledge prior to the issuance of the patent and other reasons I won't go into here.

So, what am I suggesting?
Simple, rather than fuss about GPL 2 vs. GPL 3, or other licensing schemes that attempt to protect the public's interest to a greater or lesser degree, such as the BSD licensing scheme, declare your ideas public property via publication (costs $20 I believe) by the US Patent Office itself.

Where would this leave us? About where RedHat, MySQL, and a bunch of other Linux people are right now, nobody pays for the algorithm or code itself, but rather pays for the grunt work of implementation and maintenance, the far, far bigger part of the pie in the long run. This would also help prevent the stranglehold that the government and big business have on information before it gets superseded by newer and better ideas.

What would we lose? Short term profits that you have to defend tooth and nail against encroachment by others with bigger pockets for fear of your ideas being lost to you for exploitation. And some lawyers would lose some work that, in the long run, we pay for in the cost of the goods and services we buy.

How would this work against NSA and other agencies declaring your idea should be kept secret in the interests of national security? I suspect that NSA does not keep someone at the patent office reading every application but rather relies on being notified by the patent office when they see something that they might be interested in. So this is where the key phrase, "...regularly filed application for a patent without examination..." comes into play. An innocuous patent application title, along with a simplistic summary at the head would evade most scrutiny, thereby allowing publication to proceed.

Once the toothpaste is out of the tube it's really, really hard to put it back as Phil Zimmermann proved with PGP. He also proved that even publicly known information can be the basis of a good business.

Arshad Noor of StrongAuth is doing exactly this by supporting the open standard StrongKey (http://www.strongkey.org/) and it is advancing through OASIS to an accepted standard. StrongKey is the other, vital, half of FDE - recovering that lost data when we've misplaced that key somewhere among the millions of neurons we have. We know it is there somewhere, but we just can't put fingers on it at the moment. Don't you just hate it when you ask for a password reset and then remember it *after* you clicked send? ;->

Best to you and yours and may you have a bang up Fourth, if you are so inclined,

Allen

_______________________________________________
FDE mailing list
http://www.xml-dev.com/mailman/listinfo/fde
