I would characterize the Certicom patents as falling into 3 main categories:
1) patents relating to the use of ECC in very specific application circumstances This represents the bulk of Certicom patents. For these patents you will have to do your own research as they are dependent on you application and have nothing to do with OpenSSL. 2) patents that improve the performance of the underlying mathematics For these patents, it would be difficult to say if the developers who implemented the underlying math algorithms happened to implement a patented Certicom technique. However, unless they were actually using the patent docs during implementation, I doubt that this would be the case. 3) patents on ECC techniques Now these are the ones you can find in the implementation of OpenSSL. There are two main ones here - point compression and MQV. Point compression reduces the size of an ECC public key, but ECC keys are much smaller than RSA keys even without it, so this one can be avoided. MQV is a key exchange technique. It also can be avoided by using ECDH. NSA licensed 26 Certicom patents (which includes MQV and point compression) for use in government applications with prime modulus curves greater than 255. This is a good Q&A on the details of this license http://www.certicom.ca/download/aid-501/FAQ-The%20NSA%20ECC%20License%20 Agreement.pdf NSA did not license all of Certicom's patents, only a subset for use in a limited "field of use". Bill ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anilkumar Bollineni Sent: January 10, 2008 2:12 PM To: openssl-users@openssl.org Subject: About ECC patent and OpenSSL ECC code Hi there, I have a question on OpenSSL ECC (Elliptic Curve Cryptography) code. I saw that Sun systems has donated the the ECCcode to OpenSSL. Also I saw that Certicom has held 130 patents in ECC area and finally NSA has licensed that code. Suppose if I download the code from the OpenSSL and try to develop a product using the OpenSSL ECC code, does it violate any patent issue with certicom? Can anybody share any experience or information about this? Thanks for support. -Anil
