Andrew Ho wrote: > > On Sat, 15 Dec 2001, Tim Churches wrote: > ... > > In that thread you request prior art. The basic idea, applied to cancer > > registries and using a two-way split only, is fully described in > > Pommerening K, Miller M, Schidtmann I and Michaelis J. Pseudonyms for > > cancer registries. Methods of Information in Medicine, 35(1996) > > pp112-121. > > Hi Tim, > The intention may be simiar but the method is quite different. I cited > the two papers that describe this work in the patent: > > K. Pommerening, Pseudonyms for Cancer Registries, Meth. Inform. Med. 1996; > 35: 112-21. > > C.Quantin, et al., Irreversible Encryption Method by Generation of > Polynomials, Med. Inform. (1996), vol. 21, No. 2, 113-121. > > Their method involves splitting of the secret (anonymization, for example) > at a central anonymization office, which becomes a point of vulnerability > since confidentiality can be compromised at that point. The SDSS method > splits the secret at the user machine/site - which essentially pushes the > vulnerability back to the point of data entry. > > The way that each share of the secret gets packaged for transmission > between locales are also vastly different. If you read the patent > carefully, you will see that these are two of the major innovations of the > SDSS system.
Sorry, you are quite correct. I was working from memory and on re-acquainting myself with your US patent, I now see that it is not about secret splitting at all - I was confusing the patent with your paper: A.P. Ho. A Secret Splitting Method for the Protection of Confidentiality in Computer Records. In: Research Advances in database and Information Systems Security (V. Atluri and J. Hale, eds). Kluwe Academic Publishers, Boston 2000. It is this latter paper which is a minor but useful generalistaion of the method described by Pommerening et al. The method described in your US patent does, however, seem very similar to the Kerberos system developed at and described by MIT at least a decade earlier. The main difference is that in Kerberos the authentication database passes a time-limited authentication ticket directly back to the user, who then packages that ticket with his/her request, whereas in your system the authentication ticket is passed directly from the authentication database to the storage database, which may or may not be an advantage, depending on the circumstances. Later versions of Kerberos introduced PKI and associated key management very similar to that described in your US patent, but they still pre-date it. > After reviewing the SDSS patent, do you feel that you understand how it > works? Do you appreciate its vulnerabilities and limitations? It doesn't help that it is written in that dialect of legalese known as "patentese" - full of generalising phrases in an attempt to not limit the scope of the claims, but I think I grok it, although the description of secret splitting is rather obscure. If the idea had appeared as a scientific paper, then you would have deserved our congratulations for advancing the science of security by describing a useful simplification of the Kerberos protocol combined with the work of Pommerening et al.. But by making a patent claim, you are attempting to impede the freedom of others to use a method which is substantially derived from ideas which are already in the public domain. There are very few ideas which are truly novel - most build on prior art, and although patent applications are supposed to exhaustively describe prior art, most don't (usually unintentionally, because it is very difficult to consider all possible prior art). As a result, many patents make claims on ideas which ought to be unencumbered and in the public domain. That is the equivalent of (inadvertantly or intentionally) taking GPLed code and compiling it into a closed source software product. That's why most patents, and patents on algorithms and methods of working in particular, are a Bad Thing. Don't get me started on drug patents... Tim C
