On 16/06/2014 04:27 am, Thierry Moreau wrote:
On 2014-06-15 19:24, Tanja Lange wrote:
On Sun, Jun 15, 2014 at 02:13:04PM +0100, ianG wrote:
Or is this impossible to reconcile? If Certicom is patenting backdoors,
the only plausible way I can think of this is that it intends to wield
backdoors. Which means spying and hacking. Certicom is now engaged in
the business of spying on ... customers? Foreign governments?
Note that the majority of the claims (and the entirety of the granted
claims in the US and JP so far; they got all parts granted in Europe)
is on escrow avoidance; i.e. on using the procedure for alternative
points from the SP800-90 appendix. I.e. if a vendor gets sufficiently
worried about the potential backdoor but doesn't want to do a completely
new implementation he will opt for other points --- royalties.
I looked at the primary documents in the USPTO databases. The part that
is missing from the US patent 8,369,213 (i.e. missing from the original
filing and the European patent I suppose) is now in the pending patent
application US-2013-0170642-a1.
Are these inventors claiming to have *invented* the backdoor in this
PRNG method? At least an USPTO examiner hints at this: [claims now in
US-2013-0170642-A1] are drawn to establish escrow key with elliptical
curve random number generator. The inventors *describe* the escrow
technique but need not *claim* it.
Note also that the earliest (USA) filing date is 2005/01/21 as a
provisional US patent application number 60/644982.
In contrast, I would have said that Certicom's responsibility as a
participant in Internet security is to declare and damn an exploit, not
bury it in a submarine patent.
Technically, this is not a submarine patent. The publication date is
2007/08/16 (soon after the international-treaty-based 18 months delay
after the filing date applicable to the non-USA patent jurisdictions)
and anyone could have access to this information by then.
Sometimes I think a little more patent literacy might help. E.g. a
self-defense behavior for some system designer relying on the ECC
techniques would include a periodic look at patent applications freshly
published in this area and/or by the known players.
I guess this would be true if one is in the EC world choosing curves.
Patently, a view expressed in the act by DJB and Tanja.
But this is about international standards and an approved way of doing
RNGs. A rather different kettle of fish. We in the user community were
supposed to be able to implement a standard like DUAL_EC, perhaps get it
approved, and be done with such crapola. Or buy an approved product,
and ditto.
One would have thought that NIST, ISO, etc had long since got tired of
the notion of all that good work being done for the public benefit, only
to be snaffled by greedy patent trolls for the price of a filing.
Although it is now historical as the DUAL_EC RNG is withdrawn as a
standard, I think it would be very interesting to hear NIST's views. It
may not be submarine in some technical lingo, but it rather seems to be
asymmetrical to the standards horizon.
I wonder if NIST knew about the patent?
Fascinating case study anyway!
Indeed. I'm fascinated to understand Certicom's business thinking.
What is the business model behind patenting backdoors?
iang
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography