Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Patents

PKWare Files a Patent Application for Secure .zip 281

Posted by michael
from the dumb-de-dumb-dumb dept.
prostoalex writes "The battle of ZIP formats might intensify as PKWare filed an application with USPTO to obtain a patent on its Secure Zip technology, which pretty much involves archiving with strong cryptography. If the patent gets granted, PKWare will license its algorithms for other software manufacturers. A representative of Aladdin Systems summed it up: "The good thing about the .zip file format was that you knew you could send it to everyone. Now that's getting broke.""
This discussion has been archived. No new comments can be posted.

PKWare Files a Patent Application for Secure .zip

Comments Filter:
  • Use PGP (Score:5, Informative)

    by unixwin (569813) on Friday July 25, 2003 @06:32PM (#6536766) Homepage
    zip & use pgp even better use bzip2 and pgp
    secure and compressed
    • Re:Use PGP (Score:5, Interesting)

      by Nathan Ramella (629875) on Friday July 25, 2003 @06:35PM (#6536778) Homepage
      Doesn't PGP already compress things before it encrypts? (Adds to the difficulty in decyphering it..)
      • Re:Use PGP (Score:5, Informative)

        by FrankoBoy (677614) <frankoboy@NOSpaM.gmail.com> on Friday July 25, 2003 @06:39PM (#6536812) Homepage Journal
        Indeed [pgpi.org].
      • Re:Use PGP (Score:3, Informative)

        by daveq (645397)
        The reason it encrypts beforehand is that you can't really compress encrypted data. Well encrypted data should appear random.

        PGP's algorithm of choice for compression may not be as cool as yours though, so you may want to use bzip2 anyway for particularly large files.

      • Re:Use PGP (Score:3, Interesting)

        by Ian Bicking (980)
        Also you can't usefully compress encrypted content -- if you could find compressable patterns in an encrypted message, it wouldn't be very well encrypted, would it?

        A strong encryption process shouldn't need compression for security. But compression can easily improve the speed of the encryption, since if you compress the text that means that much less text to encrypt (and compression is usually a lot faster than encryption).

        • Re:Use PGP (Score:3, Insightful)

          by gregbaker (22648) *
          Also you can't usefully compress encrypted content

          Says who?

          Consider piping your PGP output through this:

          perl -pe "s/(.)/\$1\$1/g"

          Is it compressable? Yes. Less secure? No.

      • so does gpg. www.gnupg.org.

        Can we all say, "late!"
    • Why not GPG? (Score:4, Insightful)

      by David Hume (200499) on Friday July 25, 2003 @06:42PM (#6536840) Homepage

      zip & use pgp


      Why not zip and then use GPG [gnupg.org]?

    • geek factor (Score:3, Informative)

      by poptones (653660)
      The geek factor is the prime reason so much great open source software lacks the pentration to usurp proprietary, sometimes patented widgets like this one.

      I use PGP for just about everything (I have a built in "roaming profile" via PGPdisk) but I don't believe it compresses stuff (if it does you sure can't tell it - a 600MB PGPdisk won't hold more than 550MB before it gets so fragged you can hardly use the CD). You can use NTFS and compression, but that's not nearly as efficient as zip and you can't mount

    • Re:Use PGP (Score:5, Funny)

      by yintercept (517362) on Friday July 25, 2003 @07:02PM (#6536980) Homepage Journal
      Of course, if this is one of those "we've patented the world" claims, then any program that produces an encrypted file that is smaller than the original would be in violation of the patent.

      There is still room for encryption programs that make files bigger. I've been thinking of making a program that would automatically pad a document with additional legal verbiage and routinely add one billable hour, and see if I could sell it to the legal community.
  • by flewp (458359) on Friday July 25, 2003 @06:32PM (#6536772)
    but I want a secure zipper. So many people are trying to get into my pants it's outrageous.
    • Somebody modded this as overrated? Must be on crack. The mere suggestion that anybody's trying to get into the pants of a slashdotter is hilarious (if a bit overused...)
  • by extrarice (212683) on Friday July 25, 2003 @06:37PM (#6536793) Homepage Journal
    [quote]
    A representative of Aladdin Systems summed it up: "The good thing about the .zip file format was that you knew you could send it to everyone. Now that's getting broke."
    [/quote]

    This quote is funny coming from a company that sells a competing compression format (.sit)
    • by Anonymous Coward on Friday July 25, 2003 @08:05PM (#6537298)
      I would not consider .sit a competitor to .zip. StuffIt is the .zip for the Mac niche. It's the only archive format out there that is sensitive to Mac OS resource forks. For certain types of Mac files (read: most), putting your data into a zip archive will render them useless. Though reliance on the resource fork is decreasing in Mac OS X.

      Aladdin writes software handles zip files, too. So they DO care about inter-operability. They have a perfectly honest and legitimate interest in this.
      • It looks like .sit archives are in decline while people are using disk images more.

      • by innate (472375) on Friday July 25, 2003 @08:54PM (#6537520)

        You're partly right. StuffIt was the main compression format until OS X came along, but it's not the only format that preserves resource forks.

        Today you'll mainly see .dmg (disk image) format, which features compression, optional encryption, and preserves resource forks. Also common are .pkg (a compressed installer, which can include files with resource forks) and .tar.gz files (I don't think they preserve resource forks).

        And some folks still use Stuffit .sit files.

      • It's still damn two-faced, though. They managed to convince legions of Mac users to use a proprietary archiving format (all StuffIt 3.x and later were undocumented), but they placated desire for cross-platform capability with support for all the common PC formats (without Mac features, natch). They also changed the format a lot (in 5.x and again in 7.x), possibly in response to other people reverse engineering it [mindvision.com].

        Thus Aladdin took full advantage of the openness of the ZIP format for so long, for compatibil

  • by smeenz (652345) on Friday July 25, 2003 @06:37PM (#6536795) Homepage
    <tongue location=in_cheek>

    It's good to see Aladdin Systems are demonstrating their lossy text compression technology by saying that the ZIP format is "getting broke" rather than "getting broken"

    </tongue>

    • Your XML is not well formed, it should look like this:

      <tongue location="in_cheek">

      It's good to see Aladdin Systems are demonstrating their lossy text compression technology by saying that the ZIP format is "getting broke" rather than "getting broken"

      </tongue>
      You need to quote all attribute values!
  • 7-zip (Score:5, Interesting)

    by fredrikj (629833) on Friday July 25, 2003 @06:38PM (#6536802) Homepage
    Everybody, start using the (open source) 7-zip [7-zip.org] instead.
    • Re:7-zip (Score:5, Informative)

      by pla (258480) on Friday July 25, 2003 @07:03PM (#6536986) Journal
      Everybody, start using the (open source) 7-zip instead.

      No kidding. It amazes me that a lot more people don't use this - It handles all the major formats (zip, tar, gz, bz2, cab, no "sit", though) better than the "native" program for them does, and hey, open source to boot. And, its "7z" format really does get 10-30% better compression than even bzip2.


      Gotta agree with the other response to you, though - the interface needs MAJOR work. It doesn't "look" bad, but feels very counterintuitive. Hell, if they totally eliminated the psuedo-explorer-esque look and just let me drag-and-drop, I'd consider it perfect.
    • Also, everybody, start using broadband and DVD-RW instead of .zip and floppies.
    • Re:7-zip (Score:3, Informative)

      by shish (588640)
      A couple of things:

      o) It's windows only, and WINE won't run the main thing
      o) The self extractors it creates *do* run under wine - so if you get a .7z file and you're on linux, do `cat 7z.sfx file.7z > newfile.exe` (7z.sfx being the self-extraction header)
      o) I want a native linux version!
  • extensions (Score:5, Insightful)

    by exhilaration (587191) on Friday July 25, 2003 @06:41PM (#6536827)
    Ideally, a new extension should be used for any format that is incompatible with existing ZIP archives. For example, EZP for encrypted zip, or SZP for secure zip.

    But it's likely that they'll keep using ZIP because of its brand recognition. That's really too bad, but at the same it might frustrate people enough to get them to try another compression format, like BZIP.

    • Re:extensions (Score:5, Insightful)

      by dmeranda (120061) on Friday July 25, 2003 @07:08PM (#6537014) Homepage

      What's an extension? I use Content-Types like application/x-patented-zip and name all my Zip(TM) files "archive.this.is.not.tar", and when I am forced to use Windows I never see an "extension".

      Seriously, the true value of their intellectual "property" (sic) is that of their trademarked brand name. As an archive format it is pretty uninteresting. Everybody knows what "zip" means. Adding a patent in this area to me seems like a dumb move; another one of those all-to-common desparation moves by a failing company to have the USPTO save it. In the late 1990s companies looked for VC firms to save them from their own shortcomings, today the trendy savior seems to be the USPTO.

      To me this move just screams "Use our patented technology to secure your important files....BTW you must use only our software and we can revoke your rights to use our patent at any time rendering your important files so secure that not even you can read them legally again!" That's enough to keep me from using their format; it's my data and I don't want my access to it to be contingent upon some party outside of my control.

      • What's an extension? I use Content-Types like application/x-patented-zip and name all my Zip(TM) files "archive.this.is.not.tar", and when I am forced to use Windows I never see an "extension".

        That makes no sense, and I think you're making it up.

        First of all, you say you use Windows (when forced to or whatever), so if you name an ZIP file "archive.this.is.not.tar" it will open in your TAR opener when double clicked, and probably just give you an error. Plus it will have a TAR icon (or none at all) instea
  • by Satan's Librarian (581495) <mike@codevis.com> on Friday July 25, 2003 @06:41PM (#6536830) Homepage
    of a a company going to hell after its founder [donzeigler.com] is gone, it can't innovate anymore, and it starts getting beaten to a pulp by its competitors [winzip.com].

    seems like a familiar story to me.

    • Interesting how some dying companies spawn off their stuff as open source, and some put 100% of their efforts on suing others for IP infringement.
      • The interesting bit is that PKWare has done both. Because Phil Katz documented both his algorithm and file format, the open-source Info-Zip project was able to get off the ground. The Info-Zip code was later incorporated into such open source products as gzip and zlib, and in such shareware products as WinZip.
    • Yeah, it's sad. He went to the college I attend currently, which is not known for CS but a few good minds have come from it. He was all but gone well before he died a pathetic and sad death, hanging around strippers and being consumed by alcohol. He was a man with an idea and was able to capitlize on it and helped the idea of shareware become accepted so amateur programmers could make a little scratch on their software while still offering it to all regardless of paying or not.

      Anywasy, it does kind of s
    • by FattMattP (86246) on Friday July 25, 2003 @08:35PM (#6537430) Homepage
      Can't innovate anymore? How about can't innovate to start with? Phil Katz took an open-source program, copied it wholesale, rewrote some stuff in assembler, and ignored the original author's license entirely [esva.net].
    • by Watts Martin (3616) <layotl&gmail,com> on Friday July 25, 2003 @09:09PM (#6537589) Homepage

      Except that they started out in hell, because their founder ripped off Thom Henderson's ARC to make his original program.

      Back in the BBS days, we were all rallied to support good ol' Phil against the evil Big Company, System Enhancement Associates, who was suing to keep Phil's faster PKARC from eating the original ARC program's lunch. BBS sysops were encouraged to boycott ARC. It worked. It ruined System Enhancement Associates.

      Except the funny thing is, SEA was right. They won the lawsuit because Katz hadn't just reimplemented ARC, he stole their source code. That always gets left out of the retelling, even though the reason ZIP exists as a format is because Katz was ultimately prevented from using the ARC format and compression routine. The reality is also that even then, PKWare was a bigger company than SEA ever was. ARC was a commercial program, but had a very unusual license (for the time) allowing people free access to the source code if they wanted to port it to non-DOS platforms. Katz baldly abused this license and, in the end, got away with it. ZIP did end up with an improved compression scheme which I presume PKWare came up with, although there's some evidence that the all-but-ignored ARC 7 outperformed it. (PKARC was, IIRC, based on ARC 5.)

      Ben Baker has a description of the history [esva.net] of this whole affair at the website of Thom Henderson (ARC's author). Henderson also has his own commentary, which I would describe as "gently acid."

    • Does anyone remember the dedication message which came with the original ZIP?

      The file format of the files created by these programs, which file format is original with the first release of this software, is hereby dedicated to the public domain. Further, the filename extension of .ZIP, first used inconnection with data compression software on the first release of this software, is also hereby dedicated to the public domain, with the fervent and sincere hope that it will not be attempted to be appropriate

  • I'll stick to bzip (Score:3, Insightful)

    by Aeonsfx (675982) on Friday July 25, 2003 @06:45PM (#6536869) Journal
    Hmm, I don't see why this is such a big deal.... bzip pretty much compresses higher than 'em all. That plus, its GNU-free ^_^ zip? I don't really see why encryption was ever a critical feature in the format, (I thought it was a bunch of proprietary schemes to begin with) but I'll continue to use it to send some files.
    • bzip2 is really slow, and can only compress one file at a time, while zip can compress an entire directory hierarchy. That's why if you have more than one file to compress, you have to tar them first (although gnutar can do bzip2 at the same time, so it's mostly a non-issue).

      (Speaking of which, what's up with the bzip2 option changing from I to y to j? Couldn't they just pick something and stick with it?)

      By the way, although WinZip can decompress gzip files, it cannot decompress bzip2 files AFAIK, which
  • by interiot (50685) on Friday July 25, 2003 @06:46PM (#6536874) Homepage
    The replacement for pkzip should be gzip. Not only is it specified in the open via rfc [faqs.org] but it's implemented in internet explorer and friends.
    • by Ian Bicking (980) <ianb&colorstudy,com> on Friday July 25, 2003 @07:36PM (#6537159) Homepage
      I believe the zip format allows for much faster decryption of individual files inside an archive, compared with tar+gzip -- pkzip keeps an index of all the files in the archive, whereas gzip is content neutral, so you have to decompress to get at the underlying tar file.

      .gz.tar would be something different (a tar with its constituent files gzipped). I know nothing about how efficient tar is about accessing individual files, but I don't believe it's very efficient.

  • by AnotherBlackHat (265897) on Friday July 25, 2003 @06:47PM (#6536878) Homepage
    Gotta wonder how they got that past the examiner.
    "No no, pkzip isn't prior art... the patent only covers the novel idea of using strong encryption"

    -- this is not a .sig

    • Not a bad idea actually. I've gone and obtained patents for:
      - Encryption + Image format
      - Encryption + EDI Data
      - Encryption + Weblogs
      - Encryption + Audio files
      - Encryption + VCS

      I know you're all thinking "prior art", but since when has that ever stopped anyone from getting a patent? Besides, I am using strong encryption, oh yes.
  • gzip? (Score:2, Interesting)

    by mwing (664838)
    I think all windows Zip software supports tar and gzip.. Why, oh why do people still compress everything with zip? If they want to compress whatever they want, why not use the open standards?

    Hell, even the "pirates" and "hackers" are using something else (rar, ace).
    • by swb (14022)
      Zip archives support the functionality of archiving (TAR) and compressing (GZ) in the same file with a single step.

      All of the implementations of Winzip-type applications I've used on Windows don't treat .tgz files as a unified compressed archive the way tar does (tar -xzf foo.tgz). They decompress the tar file and make you open the archive seperately after decompressing it.

      Which to the 15% of the non-technical computer user base that's actually figured out what ZIP does and how to use it would mean a flo
  • It also looks like PKWare isn't going to put their new stuff into the public domain, as they did with their deflate algorithm. Considering the fact that I haven't used a PKWare product to handle ZIP archives since the DOS days, this is probably the only way they can survive.

    I guess we won't be seeing a free Linux version any time soon either. Not that we need it, GPG does a good enough job at compression and multi-platform compatibility to make this completely unnecessary.

  • PK (Score:5, Informative)

    by semanticgap (468158) on Friday July 25, 2003 @06:53PM (#6536915)
    For those too young to remember - PK are initials of late Phil Katz, the original author of PKZip, a pretty unusual character. Here's a link [go.com] about how he died.

    AFAIK the company is now run by his mom pretty much.
    • Re:PK (Score:3, Interesting)

      by nadaou (535365)
      It should be noted that Mr. P.K. had some murky IP issues of his own. Basically he did some assembly level editing & optimizing of Thom Henderson's .ARC format and released it as his own, which grew to be .ZIP..
      He basically stole it.
      [esva.net]
      http://www.esva.net/~thom/philkatz.html


      Any karma really belongs to the person who posted this last time it came up on slashdot, but I thought this should be mentioned at +2.
  • by phr2 (545169) on Friday July 25, 2003 @06:55PM (#6536928)
    Would an encrypting version of GNU Tar be prior art? I put Blowfish into GNU Tar in the mid 90s and posted to Usenet about it [google.com] in 1996 and at various other times. I've offered to send out copies [google.com] and a few people have asked for and gotten them. I'd think that constitutes publication.

    There's also a Usenet thread about encrypting archive programs [google.com] including some modified Zip programs.

    • It's very likely that the patent does not cover all possible (or even useful) forms of encrypted pkzip, but it does cover the particular technique that PKWare is using. If that is the case, other software could not support this format of secure zip file without a license from PKWare. Prior art probably doesn't matter so long as they aren't trying to patent the very concept of encrypted zip files, but just the particular implementation used in their format.

      If that is the case, and considering how many i

  • by Anonymous Coward on Friday July 25, 2003 @06:56PM (#6536943)
    It's important to note how the strong encryption
    differs from other pkzip crypto methods.
    A zip45 file begins with:

    central file header signature 4 bytes (0x02014b50)
    version made by 2 bytes
    version needed to extract 2 bytes
    general purpose bit flag 2 bytes ... etc ...

    In a zip file, if the GENERAL PURPOSE bit flag is set
    (bit 0 of the 2 byte field) it means the file is encrypted.

    The PKZIP encryption scheme was designed by Roger
    Schalfly, who is evidently the son of the famous
    (1980s anti-women's rights) republican spin mastah
    Phyllis Schlafly. But anyway.

    Each encrypted file has an extra 12 bytes stored at
    the start of the data area defining the encryption
    header for that file. The encryption header is originally
    set to random values, and then itself encrypted, using
    three, 32-bit keys. The key values are initialized using
    the supplied encryption password. After each byte
    is encrypted, the keys are then updated using
    pseudo-random number generation techniques in
    combination with the same CRC-32 algorithm
    used in PKZIP and described elsewhere in this document.

    The following is the basic steps required to decrypt a file:

    1) Initialize the three 32-bit keys with the password.
    2) Read and decrypt the 12-byte encryption header, further
    initializing the encryption keys.
    3) Read and decrypt the compressed data stream using the
    encryption keys.

    For step one, you jack up your karma whorin' by pasting
    the following key sets:

    Key(0) > 24)
    end update_keys

    In step two, often associated with total karma whorin',
    one also (*cough* karma whore) loops through the
    buffer with:
    loop for i > 8
    end decrypt_byte

    After the header is decrypted, the last 1 or 2 bytes in
    Buffer should be the high-order word/byte of the CRC for
    the file being decrypted, stored in Intel low-byte/
    high-byte order. Versions of PKZIP prior to 2.0 used a
    2 byte CRC check; a 1 byte CRC check is used on
    versions after 2.0. This can be used to test if the
    password supplied is correct or not.

    In step 3, we continue to blatantly violate copyright laws
    while whorin' karam with:

    loop until done
    read a character into C
    Temp - C ^ decrypt_byte()
    update_keys(temp)
    output Temp
    end loop

    So that's about it.
    • Yeah.
      Might be useful to note that you just described the OLD encryption method used back in PKZIP 2.04g. The method that's already fully described in the publically available PKZIP Application Note [pkware.com].

      The encryption used now is quite a bit different, supporting RC2/RC4-64/128, 3DES-112/168, and AES-128/192/256. Oh, and there's also the business about using a passphrase and/or a list of recipients (dig certs) to encrypt the files. THAT is the strong encryption they're talking about.
      • So...
        They are using the zip format (which is in the public domain per the origional author), and AES (which is in the public domain thanks to the fed governments mandate that the winner be made such) and combining them, and suddenly this is patent worthy..... I just LOVE the USPTO, NOT.
    • Oh, c'mon.. someone with a few moderator points please *read* that post, and then pull it down a few notches!

      "you jack up your karma whorin"
      "total karma whorin'"
      "(*cough* karma whore)"
      "we continue to blatantly violate copyright laws while whorin' karam"

      Informative, indeed.. Only information there was possibly the zip header structure, and even that is probably suspect...
  • by kaltkalt (620110) on Friday July 25, 2003 @06:57PM (#6536955)
    Just thinking out loud to myself here. I thought good cyphertext is as close to random as possible, and thus can't be compressed. Or can you compress the file first, then encrypt it? I am no expert on this (obviously) so I could be totally pulling this from my ass. Anyone know how this works?
  • by brianosaurus (48471) on Friday July 25, 2003 @06:57PM (#6536956) Homepage
    I can't even believe there is any doubt they will receive a patent for this, even if it isn't anything particularly interesting. In fact I'll be presently surprised if the PTO actually recognizes the existance of plenty of prior art. Maybe they don't even need to recognize prior art, just the fact that encrypting a zip file is obvious.

    Its insane that you can patent "Doing something someone already did, but doing it to THIS instead of THAT." I can, perhaps, buy an argument that encryption (like the first time anyone did it) was patentable. Maybe even that different algorithms for encryption could be patentable.

    But once encryption is there, applying encryption to ANYTHING should not be patentable. A zip file is just data. Encrypting it (or encrypting the contents) is not a novel concept.

    So while I would love to see the PTO demonstrate some miniscule amount of clue and reject the patent, I will be very surprised if they actually do.
    • Its insane that you can patent "Doing something someone already did, but doing it to THIS instead of THAT."

      OK then it's insane that you can patent...

      ...using a cable to control a control a fixed-wing aircraft.

      ...using a weight to prevent a boiler explosion.

      ...using a centrifugal device to regulate a steam engine.

      In fact, aren't most patents just a case of using X on Y, where the combination of X and Y were never thought of before?

      That's the key though--never thought of before. Also, it has t

    • If your goal is to foster a standard and then make money off licensing, how da fuck you gonna do it without a patent?

      Understand unique doesn't have to mean "no one else did it." All it has to mean is "THIS is how WE did it and you can't do it OUR way without paying us." This is how MPEGLA can make people pay for using MPEG - even 'tho there's a thousand similar ways to do it, most of them don't interoperate without making use of that IP.

      If your goal is to protect an invention, patents can do it. But they

  • by jetmarc (592741) on Friday July 25, 2003 @06:59PM (#6536965)
    Ok, I know that ZIP is known for notoriously weak security.

    But is it worth a PATENT to now associate the "security" features of ZIP
    with "strong cryptography algorithms"?

    That's like Microsoft filing a patent for a "not crashing OS", as reaction
    to market research reports that show how people are not happy anymore with
    traditional (crashing) MS products.
  • by ---- (147583) on Friday July 25, 2003 @07:01PM (#6536977)
    With the WinZip 9.0 Beta announcement [winzip.com] there is this little tidbit ...

    "Advanced encryption
    WinZip 9.0 supports 128- and 256-bit key AES encryption, which provide much greater cryptographic security than the traditional Zip 2.0 encryption method used in earlier versions of WinZip.

    WinZip 9.0's advanced encryption (FIPS-197 certified) uses the Rijndael cryptographic algorithm which, in 2001, was specified by the National Institute of Standards and Technology (NIST) in Federal Information Processing Standards (FIPS) Publication 197 as the Advanced Encryption Standard (AES).

    After a three-year competition, the AES was announced by NIST as an approved encryption technique for use by the U.S. government, private businesses, and individuals. When properly implemented as a key component of an overall security protocol, the AES permits a very high degree of cryptographic security, yet is fast and efficient in operation.

    WinZip's AES encryption is just as easy to use as traditional Zip 2.0 encryption: all you have to do is select the encryption strength and specify your password.

    Note: recipients to whom you send AES-encrypted Zip files must have a compatible Zip file utility in order to decrypt the files. At this time, WinZip 9.0 is required. We have, however, published the full specification for creating WinZip-compatible AES-encrypted Zip files [winzip.com], and we expect that other Zip file utility vendors will provide support for the format. "


    Funny, it sounds like either they already reverse engineered the pkware zip encryption, or established their own encryption.

    I wonder how many times users will complain to company xyz (that is using pkware encryption for their products) about their files not working in winzip, before company xyz will drop their pkware proprietary encryption in favor of winzip's published (and functional) encryption.

    /* ---- */
  • by dmeranda (120061) on Friday July 25, 2003 @07:21PM (#6537085) Homepage
    "What we've filed a patent for is the whole method of combining.zip and strong encryption to create a secure.zip file," said Steve Crawford, the chief marketing officer at PKWare.

    Who would patent just half the method?

    I sure hope he didn't mean they're trying to patent the entire concept of encrypting zip files regardless of the algorithm or method. Because I've been encrypting zip files (among many other types) for a decade.

  • by lfourrier (209630) on Friday July 25, 2003 @07:27PM (#6537115)
    1. "What we've filed a patent for is the whole method of combining.zip and strong encryption to create a secure.zip file," said Steve Crawford, the chief marketing officer at PKWare. The patent was filed with the Patent Office on July 16, he said.
    2.In May of this year, WinZip developed its own method of strong encryption, which incompatible with the PKWare product.
    3.Crawford believes that WinZip will be a potential licensee. "The basic approach of combining encryption of.zip is covered by the patent, so what WinZip has done, I believe, would be covered by the patent."

    If 3 is true, 2 is clearly prior art. So why patent?

    There is something rotten in IP kingdom.
    • You have two years from when you 'announce' before you have to file a patent. So if PKware announced encrypted zip, and then WinZip also implemented encrypted zip, PKware can still file a patent.
    • So that's the strategy. They can't sell their POS crippleware Windows product, so they'll file a patent to go after the good Windows product that kicked their butts in the marketplace.

      If I were the author of WinZip, I'd tell them to go fsck themselves, remain incompatible with them, and watch while the "original" PKware is marginalized. Hardly anyone uses it, anyway.

  • People working on secret project. Send sensitive files in.. Encrypted .zips.
    The ones you can crack in 4 hours at most.

    Why? "everyone has zip" and "it's good enough" (Yes, indeed! Evil hacker people who intercept your e-mail on the internet through a myriad of complicated hacks and deceptions will never think to download a .zip cracker!).

    Nevermind that everyone has Outlook [other S/MIME mailreaders available], and that for all it failings, it does a pretty good job of strong S/MIME encryption using X.509 c
  • "The good thing about the .zip file format was that you knew you could send it to everyone. Now that's getting broke."

    BULLSHIT. PkWare gets this patent, and not two seconds will elapse before Aladdin Systems licenses it for use in their StuffIt program. That's because they will need to support the format in order to be relevant.

    As for free software, you'll simply download a patch that says, "For educational purposes only, do not use without a license from PkWare." And guess what people will do.

    On the other

  • The de facto standard for ZIP files today for the dominant platform, which, whether we like it or not, is Windows, is WinZip, anyway.

    This attempt to "embrace and extend" what was previously an open format is pretty sad. I'm sure Phil Katz is spinning in his grave, since he created PKware to market his alternative to System Enhancement Associates' .ARC format. The .ARC extension had been in use since just about the dawn of time, but SEA sued Phil Katz for using it. Thus, .ZIP was born. Now it looks like the

  • by SEE (7681) on Friday July 25, 2003 @08:54PM (#6537518) Homepage
    It'd be interesting to see exactly what the scope of the claims are in the patent, since this is a potential threat to encrypted gzip as well.

    How?

    Zip and gzip use the same 'deflate' compression alogrithm. In fact, zlib [gzip.org] was based on the Info-Zip [info-zip.org] code, a free software/open source alternative to pkzip, and the GZip homepage [gzip.org] specifically credits Info-Zip as where "all this started", and mentions that the decompression code was based on the code of the major author of Info-Zip. And WinZip's .zip support is another direct derivative of this Info-Zip code.

    So, gzip, zlib, Info-Zip, and WinZip all share common code from common authors implementing the same algorithm. As a result, it would take a very narrowly-tailored patent to allow gzip-and-encryption without allowing Winzip's zip-and-encryption.
  • I've already got and had secure zip files for years.

    somestuff.zip.pgp

    whoah! what a concept!
  • by charlesbakerharris (623282) on Friday July 25, 2003 @09:00PM (#6537545)
    If they patent the process, the smart thing for them to do would be to release the decoder as a part of their basic freeware utility, then charge for the ability to zip/compress everything.

    That way, you could always still send either an unencrypted or an encrypted zip - you pay for the ability to encrypt them, fine, but you can unencrypt them easily enough no matter where you are or whose winzip you're using.

    It's kinda like Acrobat - anyone can read their files, nobody can create them without buying the utility (blah blah freeware acrobat writers, I know...)

  • by JVert (578547) <corganbilly@NOSPAm.hotmail.com> on Friday July 25, 2003 @09:41PM (#6537729) Journal
    Software alone should be an exception from patents. Copyrights are ok to protect branding but patenting algorithims is like patenting a shortcut for a daily commute. People built cars and roads to you could use them as you wish. Same thought behind people building hardware and compilers.
  • by Wakkow (52585) *
    Isn't this a dupe from last month?

    http://slashdot.org/articles/03/06/10/1542216.shtm l?tid=185 [slashdot.org]

Advertising may be described as the science of arresting the human intelligence long enough to get money from it.

Working...