Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Patents

Patent Claimed on System-Level Encryption 230

nattt writes "The Register is reporting that a Californian firm, Maz Technologies has been granted a patent for application independant file encryption, and is now going after other companies with its lawyers to press its claims. It seems that the US patent office doesn't check very well for prior art, and their laxity is causing small firms that get attacked on infringing these bad patents a lot of money to defend themselves."
This discussion has been archived. No new comments can be posted.

Patent Claimed on System-Level Encryption

Comments Filter:
  • Wasn't the federal gov trying to make incryption illegal... I may be misinformed
    • Wasn't the federal gov trying to make incryption illegal

      Think SSSCA and DMCA...they're trying to make it illegal not to use encryption.
      • Except when Joe Smith wants to use PGP. While that particular kettle has died down again, I'm willing to bet that it's on the minds of the Homeland Security folks.

        What they want is encryption in the hands of those with the power, not the rest of us.

        • Yeah after all, anyone who uses encryption must have something to hide, and if you have something to hide from the goverment, then you must be a criminal.

          While we are talking about patents, I think I'll get a patent on factoring, but only factoring of numbers on thursdays. This way I can get my lawyers to go after anybody useing SSH on a Thursday.

          Then I'm going to get a pantent on a method of looking at people ugly with my eyeballs, and sue people who give me dirty looks for my awsome patents.
  • Here's a thought... (Score:5, Interesting)

    by XoXus ( 12014 ) on Friday March 22, 2002 @10:07PM (#3211300)
    Just a thought ... would it be possible for these small companies to sue the US Patent Office for costs relating to bad patents?
    • You beat me to it. Private companies that do their jobs this negligently are open to lawsuits. Maybe that's what it will take to get the USPTO to clean up its act.
      • by rho ( 6063 ) on Friday March 22, 2002 @10:37PM (#3211397) Journal

        And you've just struck on the problem of having the government do anything...

        Suing the governemt, while possible, is an extremely daunting prospect. It takes lots of time and lots of money--two assets the government has in plenty, whereas most private companies or individuals don't.

        Now, if the government wasn't doing so many other non-Constitutional things, perhaps some attention could be paid to the patent office and things like this could be prevented... nahh, I'm just a lunatic...

        • This patent is too wide-scoped for mere "private companies". Huge corporations have OS-independant encryption. They have the money to fund this sort of lawsuit. Hell, they have more money than the government, since they are the ones paying off the government for this sort of thing anyway.
          • While corporations might have the money, in a theoretical sense, they don't have the *profits* to fight such a battle. It would *not* "enhance shareholder value" to fight a long, *political* battle over a patent. Better to find some loophole, or some other method, to allow the corp to continue as before.

            I don't know the ratios, but I imagine that if you looked, most freedom-inspired battles before the supreme court stem from individuals, not corporations.

    • by Keybase ( 156846 )
      A lot of companies that are or have been affected by bad patents should get together and sue the patent office for a ridiculous sum (say 5 billion). Maybe it would get enough attention to effect some change.
      Then maybe I'm dreaming.
    • by stinkypantshomer ( 568411 ) <stinkypantshomer@hotmail.com> on Friday March 22, 2002 @10:23PM (#3211362)
      what about legitimate patents like this one? You can exercise your cat with a Method of exercising a cat [delphion.com] People have cats... cats need exercise... I see problem solved!
    • If I recall correctly (IANAL), you can not sue the government or an agency of the government without their permission to sue you. You can, however, sue individual people in the agency, but not the agency itself.
    • by Gorobei ( 127755 ) on Friday March 22, 2002 @11:06PM (#3211472)
      This is an idea that sounds good on the surface but is actually very bad.

      If you could sue the USPO, the majority of suits would be from companies suing to have their patents *granted*. Being able to sue would just give them a second whack at the pinata.

      Normal small companies and rational individuals would not sue to have bad patents denied: if you have the money to go to trial, it's better to wait until the patent is enforced in an unfair way.

      So, could you restricts suits to reimbursing the costs of unfair patents? "Unfair" would need to mean that a court had invalidated the patent or restricted its scope, so the defendant would already have gone to trial for patent infringment, and prevailed. In this case, he may well ask for court costs, and get them (especially in a David & Goliath situation) so the USPO incompetance has, in some sense, cost him nothing.

      If the defendant can't afford to defend himself in court, no one is going to judge the patent to be "bad."

      IANAL, etc.
      • by Frank T. Lofaro Jr. ( 142215 ) on Saturday March 23, 2002 @02:52AM (#3211977) Homepage
        Since when does the patent office deny a patent?

        They allow patents on things for which prior art exists, even things for which prior PATENTS exist. IBM got a patent on LZW and then Unisys was granted their patent on it - the patent office either didn't check for a prior patent or didn't realize the 2 patents described the same thing.
        And Unisys wants us to pay THEM? IBM should be more pissed than they are.

        Oh, yeah, they will deny a patent for a "perpetual motion device", unless you are clueful enough to call it something different, like an "overunity device". 1/2 ;)

        Here is a GNU page describing the GIF situation and mentioning the 2 LZW patents [gnu.org].

        Also, even if someone can afford to fight a lawsuit - the odds are stacked against them. A patent is presumed valid and the defendant must rebut that with a preponderance of the evidence, or lose. This is a reversal of the normal situation in civil law, which is where the plaintiff needs to have preponderance of the evidence. The plaintiff needs to have a preponderance of the evidence that the action alleged to be infrigement occurred - but the defendant has to prove the patent is invalid.

        So if the court can't tell who is right on the latter issue, they'll presume the patent valid and you guilty.

        Ask a lawyer for legal advice. (if you got tons of cash lying around to pay for one)
    • Or contersue for damages arising from a fraudulent claim.
    • Far better than going after the Patent Office would be going after the patent requestor for the costs associated with filing for a patent via fraudlent (or at least negligent) representation.
      "The patent application failed to disclose a single encryption product. Unreal for 1998," Avritch said
  • Hey this is great! (Score:5, Interesting)

    by JoeShmoe ( 90109 ) <askjoeshmoe@hotmail.com> on Friday March 22, 2002 @10:08PM (#3211305)
    Now we don't have to worry about CBDTPA. Because even if the FCC tells the tech industry to adopt encryption to protect content, we can say "Sorry Disney, er, FCC...but that technology has been patented!"

    Why didn't we think of this. Let's get patents on watermarking and other intrusive technologies being rammed down our throats by content providers. Then just sit on them and thumb our noses.

    - JoeShmoe

    .
  • by choke ( 6831 ) on Friday March 22, 2002 @10:08PM (#3211307) Homepage
    If they are suing already, doesn't that invalidate the patent by demonstrating prior art before the patent was applied for?
    • No -- remember a patent is valid from the date the application was sent to the PTO, not the date it was granted. If two or more companies/individuals send patent applications near each other on the same item, three things can happen : one gets it the others don't (and all get used), as with the telephone; both get it and lawsuits abound (LZW); none get it as it must be "obvious" if so many apply for it (never happens -- obviousness is no longer a PTO criteria as we all know). But even if others don't apply for a patent on the thing, they're still vulnerable if their product went to market after the patent was applied for, even if the patent itself never went to market. In the old days, with "real stuff", one would advertise if there were patent applications or patent pending on products. Now, with software and business methods, where the concept and not the invention is the patent, companies like to hide everything related to the patent and wait until they get it before they either 1) charge an arm and leg for it 'cause nobody else could possibly have known it was a pending patent (this instance), or 2) tell everybody else with the same thing to stuff it (amazon's one-click). There are about 3 years between patent application and patent grant. Everybody in software knows that 3 years is two whole generations by software/internet standards, and programmer and designer creativity is going to come up with the same thing in different times because as programmers we're educated to think in a certain way. I'd complain more, but at this point i think choir-preaching is all it'll come up with... But a reminder of one fact -- the head of the PTO in a recent interview posted as a slashdot story a few years back explicity stated using these words that the PTO was in the "business of selling patents". Now if the PTO were to suddenly get smart and reasonable, and ditch applications for prior art and obviousness (like their congressional grant and law tells them to), they wouldn't be "selling" as many patents as they could, and patent application would be a higher risk, so fewer applications would be made, so the PTO would get less money. So the only other solution to the PTO problem is to make applications and grants 100% free, so the PTO does not have a monetary incentive to grant patents to everything in site, obvious/prior-art or not.
  • For a device consisting of a circular device with a whole through the middle. When two of these are mounted on opposite sides of a shaft and suitibly housed, they can become useful for reducing the friction caused by dragging an object down a road.
  • this is good (Score:4, Insightful)

    by mmusn ( 567069 ) on Friday March 22, 2002 @10:10PM (#3211312)
    We need more bad patents like this. The more of a problem this becomes, the more likely Congress is going to do something about it. And as long as the patents are as ridiculous as this one, and as long as they go after companies with money before they go after open source, everything's fine as far as I'm concerned.
    • The only way to get Congress' attention is either buy buying some attention (beaucoup bucks, [don't worry about soft money bans. They'll find someother loophole. After all they wrote the damn legislation,]) or stating a patent on something they might actually CARE about. (That leaves YOU out, that's for sure.)

      Like the patenting ability to use the words "Yea" and "Nay" to record assent or dissent with a statement or perhaps the the passing of legislation for the purposes of levying taxes to pay for expernses without visibly providing any actual services...

      Then you should duck real quick because the military will be shooting and they won't be blanks.
      Don't worry about find a lawyer who'll do it. (Like who would be that stupid and self destructive/defeating?) Look under any rock, behind any ambulance or in the bark of dying trees. There's sure to be some form of slug or parasite. I know plenty of lawyers. Some of my most worthless relatives are pond scum, uh, lawyers.

      Lawyers are ALL that stupid. When the achieve brain death, they run for office so they can pass more laws "for other people."
  • by cmoney ( 216557 ) on Friday March 22, 2002 @10:10PM (#3211313)
    Wouldn't it be funny if some organization in the US government has prior art on this patent? Say the NSA or FBI, perhaps the Army, Air Force or CIA? Somewhere in there somebody developed a computer system which encrypted every single communications which took place at the system level.
    • probably wont happen (Score:4, Informative)

      by Edmund Blackadder ( 559735 ) on Friday March 22, 2002 @10:14PM (#3211328)
      secret use is not prior art.

      But if the above mentioned agency put their computer on sale, or used it publicly then it would be prior art.
      • While secret use cannot be used to negate a patent, it can, in fact, be used to steal a patent. In the US, patent rights go to the first to invent, not the first to patent.
        • But i find it unlikely that whatever secret government agency discovered it will: - want a patent - go forth and disclose sensitive info in court to get that patent.
    • Clipper (Score:4, Informative)

      by wiredlogic ( 135348 ) on Friday March 22, 2002 @10:23PM (#3211361)

      We need look no further than our good friend the Clipper chip [epic.org] for a good example of government created prior art that is covered by this patent.

      • Re:Clipper (Score:3, Interesting)

        by karlm ( 158591 )
        There's some government-assisted prior art that goes much much further back in time...

        IBM had a nice system tht encrypted all of it's traffic between the terminal and mainframe using lucifer. Rekeying was done periodically by encrypting the rekeying message and new key with a special key unique to that terminal. IBM wanted help improving lucifer, so they asked the NSA for help. The NSA said "sure, as long as as the end result's intellectual property is released to the public domain" The NSA took lucifer,,, shortened the keyspace to 56 bits but appearenty maximally strengthened it against all of the shortcut attacks they knew of at the time (differential cryptanalysis). The result was called DES. So there's prior art older than DES. The newer version of the iBM system employing DES (and newer versions allow for 3DES) in most, if not all, bank automatic teller machines.

        Off topic:
        The end result of the NSA involvement is that it was much harder for mathemeticians to discover shortcut attacks to allow random blackhats to crack DES, while still allowing big budgeted governments to build specialized crackers or run cracking on several massive vector machines, like CRAYs.

        Speaking of DES, has anyone seen optimal boolean functions for the DES s-boxes? I'd like to implement DES "sideways", putting each bit of the message in a different register. You can then run 32 (or 64, if you're lucky enough to have a 64-bit CPU) encryptions in parallel. This is much faster since DES does things like uplicating and swapping individual bits, which takes zero time in hardware, but kills the standard way of implementing DES in software gets killed by these little bit duplications and swaps. If you run DES sideways (and 32- or 64-way parallel), duplicating bits simply means usng the same register variable twice, and swapping bits means chaging the positions of varaiables in your equations. You lose some latencey for an individual encryption, but your throughput is potentially multiplied several times. (This depends alot on how compactly you can represent the s-boxes as boolean functions.) This isn't applicable to CBC-mode encryption, but it is usefull for ECB, counter, OCB, and other parallelizable encryption modes. It's also applicable to cracking any of the encryption modes, even OFB, CFB, and CBC.

    • Enigma

      PS: of-course German government is not US government but it is a government still...
  • Prior-art (Score:5, Informative)

    by eddy ( 18759 ) on Friday March 22, 2002 @10:10PM (#3211315) Homepage Journal

    The nice folks over at sci.crypt [google.com] seems to have listed quite a few cases of possible prior art.

    Not that that makes it much better on the whole, but...

  • by Edmund Blackadder ( 559735 ) on Friday March 22, 2002 @10:11PM (#3211319)
    Attack the small firms first so they cannot afford to invalidate the patent. Meanwhile when the small firms start paying royalties your patent will become more established. By the way the 25 000 in royalties is nothing compared to what the case may cost. So that company will probably pay the fee if hey cannot get an early win in court.
  • holy crap (Score:3, Interesting)

    by lunatik17 ( 91135 ) on Friday March 22, 2002 @10:13PM (#3211324) Homepage
    I see this as proof that the USPTO doesn't bother checking for prior art at all. How the hell could they possibly have missed the many examples if they had? Shit, even ntfs has been doing that for years.
  • by cmoney ( 216557 ) on Friday March 22, 2002 @10:14PM (#3211333)
    Why not directly sue Microsoft, Sun, HP, IBM? Somewhere along the line one of these companies offered system level encryption.

    Or maybe this dinky unknown company saw a way to squeeze money out of little companies who they thought couldn't afford to fight back?
    • They probably did, but you said it, a small company can't fight back, so they just pay the royalties. Large companies would fight back, and you really don't have much of a chance against a large company, especially when your patent is bogus to begin with.
    • Why not directly sue Microsoft, Sun, HP, IBM? Somewhere along the line one of these companies offered system level encryption.

      Or maybe this dinky unknown company saw a way to squeeze money out of little companies who they thought couldn't afford to fight back?


      You answered your own question.

      To get the most mileage out of a patent, law, etc. that can be applied many times:

      - First sue/prosecute a little guy with negligable resources and (if applicable) a bad reputation or history. (For censorship laws, for instance, start with a kiddie pornographer before going after Playboy.)

      - With your precedent established, work your way up to deeper pockets and more reputable defendants.

      That way you get the most convictions and (if applicable) the most money before somebody manges to spike you - if anybody manages to spike you at all.
  • by thesupraman ( 179040 ) on Friday March 22, 2002 @10:16PM (#3211340)
    This would seem to be a good example of how the patent system is being mis-used at present. Apparently this patent is very widely defined and not backed up by much 'implementation'. this would generally not be considered a very 'defendable' patent, yet the owners are trying it on with a bunch of middle level software vendors, trying to strong arm some cash from them.

    The difficulty with this is that the patent gives the owner a degree of 'high-ground', and defending against this from the point of view of the apparent patent violator, can be VERY expensive, so often just coughing up is the cheapest option, which then lends weight to the defendability of the patent.

    Certainly, being filed in 1998 makes this particular patent laughable.

    for exmaple, have a look at:
    http://www.cs.auckland.ac.nz/~pgut001/sfs/
    w here sfs (Secure File System) exists, and this page was LAST updates in september 1996, and covers just about every possible level of eccryption in a general file system, it is also not unique.
    • by coyote-san ( 38515 ) on Friday March 22, 2002 @10:54PM (#3211439)
      Forget SFS.

      If it was filed in 19_98_, then the Unix "crypt(1)" program predates it by a generation. A human generation, not a "software generation." crypt(1) only offered trivial protection, but it *was* an application-independent system resource that could be used to encrypt and decrypt messages with a classic algorithm.

      It sounds like the attorneys who filed that patent application need to be face penalties for filing a fradulent legal document. Don't just invalidate the patent, disbar the assholes who try to patent stuff that's been common practice for decades.
      • by sparcv9 ( 253182 ) on Friday March 22, 2002 @11:44PM (#3211562)
        crypt(1) only offered trivial protection, but it *was* an application-independent system resource that could be used to encrypt and decrypt messages with a classic algorithm.
        Not quite. The UNIX crypt() function is a one-way algorithm. A character string is run through crypt() along with a 2-character salt, which is used to mutate the encryption algorithm. The result is a 13-character string, the first 2 characters being the salt. To check, for example, a password against a crypt()'ed password, you take the user-supplied password string and the first 2 characters of the encrypted password, run them through crypt() and compare the output with the previously encrypted string. If both encrypted strings match, then the user-supplied string matched the string that was previously crypt()'ed.

        By the way, since crypt() is a system library function , it is in Section 3 of the manual, and is denoted as crypt(3), not crypt(1).

        Note: I'm not sayng that this isn't a dumb patent, but your example of prior art is in error.
        • No, crypt(1) is different from crypt(3). It was,
          what, a one-rotor Enigma machine or some such. Do
          a google search on 'crypt(1)'.

          I'd call this not prior art since it wasn't really
          "application-independent", even if vi did have that
          -x option. Perhaps any of the encrypted file systems
          such as CFS would qualify.
      • by Anonymous Coward
        Your prior art is in error

        The crypt function does not automatically encrypt a file during a save operation which is one of this patent's claims.

        And NTFS has NOT done this for years. This functionality was firts implemented in Windows 2000 which was after this patent application.

        There is prior art however for this. Norton 'Your Eyes Only' had this functionality as it would trap the 'save file' calls using symevent (The Symantec Event Manager). This product was first released for Windows 95 which predates this patent application by several years.

  • If they reverse engineer the crypto software to determine if it's in violation of their patent, couldn't the software author claim they were circumventing copyright protection. Then just sue them under the DMCA!

    On a more serious note, the patent officer really needs to get off its ass. This is absurd. I'm going to patent substitution boxes, bitwise transpositions, and while I'm at it, hash functions and the use of a 'key' to permutate text.

  • by Niten ( 201835 ) on Friday March 22, 2002 @10:19PM (#3211352)

    I find it quite disturbing that our United States patent office will accept such a broad claim, needless to say. What I find even more disturbing, however, is the precident for accepting such patent claims without, as the article states, any such encryption programs being submitted.

    In my mind, it's one thing to stake your claim to an invention or creation of your own doing, something that you have already built. Even what may be viewed as a "fair" patent process, however, I object to on the principle that it tends to create unnecessary monopolization of certain products and only serves to lock down profits for one party. Patents, in my mind, are a competitive, money-making scheme and nothing more. It's another thing entirely, however, to patent an idea, preventing others from using it possibly, without submitting any such art of your own.

    Think about this for a moment. If companies are allowed to patent thoughts and ideas they have not created, then this only creates a rush to create patents and not a race for innovation. If "prior art" of your own is not required in a patent submission, then the application for patents becomes nothing more than financial speculation on future technologies.


    -Niten
    • I'm going to go and patent cold fusion, room temperature superconductors, faster-than-light travel, and anything else I can think up while on my way to the patent office.

    • I remember seeing a news story about a guy to did exactly this for a living. He'd look at an industry, decide what the next logical step might be, and than patent it. Then, when the company (or companies) took that step (and they often did), he'd go after them (and win). He put no effort of his own into any of the R&D, or produced anything of substance, but he went after companies that did. I forget his name, but his behavior earned my assessment as a blood-sucking leech on the buttocks of a rotting corpse. Actually, I think he's dead now, but his attorney is still defending these patents for his estate.
  • by Anonymous Coward
    Dot com bomb burst your little bubble? No need to worry! Keep your company in the black with our patented 'Profit by patent' system! We research existing fundamental technologies (the alphabet for example!) and patent them for you! All you have to do is wait for a chance to sue someone using your newly patented technology! No more pesky R&D! No nerdy programmers and engineers!
    Learn more now! Call 1-800-GOINGTOHELL!
  • Encryption (Score:3, Funny)

    by Renraku ( 518261 ) on Friday March 22, 2002 @10:28PM (#3211370) Homepage
    Encryption is only for terrorists. Therefore, everyone who encrypts is a terrorist. The RIAA is trying to get A LOT of things encrypted. So the RIAA is made up of A LOT of terrorists.
  • Prior art is something you have to declare in your patent filing, I believe. You have to say what things, if any, are similar to this (the idea is to put your discovery in perspective for the reviewer)

    If they can show you LIED on the prior art section... your patent can be overturned.

    Also.. prior art means prior PATENTS that are similar.

    • Re:Bad patents. (Score:3, Informative)

      by djmoore ( 133520 )
      Also.. prior art means prior PATENTS that are similar.

      That turns out not to be the case. Check out this Prior Art Tutorial [bountyquest.com]:

      "In essence, any publication, in any language, located anywhere in the world is valid prior art for invalidating a U.S. Patent. One copy of a thesis, written in the Chinese language and stored on a dusty shelf of the Beijing University Library will invalidate any and all U.S. patents that were filed one year after that thesis was published and that claims as an invention ANY of the subject matter that was disclosed in that thesis."
  • He uses 'storage level encryption' in the way he wrote in mirror image.
  • the patent on patents themselves.
    could I not enter in a patent on legal documentation providing the holder of said documents protection against competing entities who wish to develop similar products to the holders.

    since they'll never find the prior art in this matter, my patent will be granted, thus rending all other patents and the USPTO totally powerless...!

    nah, that's just silly talk.
  • by sparkane ( 145547 )

    This is a wake up call. This is the most fucked up thing to come out of a fucked up patent office.

    This is not fucked up just because it indicates that the USPTO is incompetent. As someone else has said, this patent indicates that the USPTO is not doing a poor job, it is doing NO job.

    That means that shysters like this company can be granted a patent and embark on the typical shyster lawsuit strategy: small fry first, maybe some bigger game later, and of course ignore the big game because the big game will eat them and their entire families.

    Let's sum up. This company with this bogus patent is nothing but a racket, a group of hoodlums, a pack of criminals hoping to make a quick score. Either than, or they are criminally stupid. And the USPTO is abetting the criminally stupid by failing to do anything remotely resembling their job.

    They're all part of a big family by the name of Mud that keeps on gettin bigger.

  • I'm going to get a patent on granting bad patents, then sue the PTO. :)

  • It's easy to come on /. and complain about how the patent system sucks. If you want to have a real effect in changing how the 'system' works, maybe you'd like a career there? [uspto.gov]
  • I bet the US patent office would shape up really quick if they were liable for all the court costs companies incur defending themselves from hogwash like this.

  • It's painfully obvious the patent office is not going to change their ways after seeing patent after patent issued without checking for prior art. Perhaps a way around that would be to push for a law that would require a "quiet period" for filing lawsuits related to the patent following the issuance of a patent. How long did this company wait after receiving the patent before filing the lawsuit, a couple of weeks?

    When a company (or person) receives a patent, they have to wait at least 1 year before dragging anyone into court related to that patent. That will give the court of public opinion (slashdot) time to find and point out the mistake to the patent office and hopefully they will make amends.
    • That's exactly the wrong approach. The point of patents is to reward people for giving the details of their inventions to the public instead of keeping them as trade secrets. As a reward for doing this, the inventor gets exclusive rights to the invention for a short time. This is generally a good idea and has a beneficial place in society.

      Unfortunately, it's somehow turned into "patents are a way for a company to own an idea and milk money from it as long as possible". I'm afraid your "quiet period" idea plays into the latter -- it might make it a bit harder to get a solid patent, but generally tends to reinforce the "we own this idea now" concept.

      It'd be better for patents to only last for a few years. Since US patent law was created, the term has constantly increased, which is ridiculous, because the pace of technology keeps going up too. If software patents only lasted two years, they'd be annoying, but not potentially crippling as they are now.
  • Does anybody remember KOH (potassium hydroxide) virus? It was a boot sector program that would IDEA encrypt your hard disks and floppies. It was also set up so that if you take an encrypted floppy to a "uninfected" computer, a simple dir a: would then set up encryption (at a y/n prompt). Of if that is just considered a "user level app", how about CFS for linux?

    Or StegFS?

    Or even NTFS (as an earlier poster well... umm posted)?

    What about a container partition (ScramDisk).
    Oh well.. I guess there's no prior art.
  • The US Patent & Trademark Office is basically a rubber-stamp operation these days because there is no incentive for an examiner to deny an invalid patent. Conversely, patent examiners have every incentive to grant patents without serious review and simply let the bad patents be litigated by private parties. If memory serves, neither the examiner nor the USPTO can be held liable for granting bogus patents without proof that the examiner or USPTO acted with actual malice towards the plaintiff in granting the patent - practically speaking, an impossible standard to meet.

    I'm not anti-patent per se - I believe they serve their constitutional purpose in certain circumstances - but I do think that if left unchecked, the current US patent regime will ultimately lead to the same sort of industrial consolidation and resultant economic stagnation that Japan has been experiencing for over a decade. Patents aren't the only or even the main factor that has led Japan to its current situation, of course, but their patent system coupled with incestuous cross-licensing relationships within and among Japan's keiretsu has all but eliminated start-ups and smaller enterprises, particularly in high-tech industry, while the larger IT firms have become moribund from lack of competition (see NEC, Hitachi).

    Just my opinions, of course.
    -Isaac

  • Somebody ought to try READING these patents before going off in hysterical flames. The claims of this patent seem to be limited to the situation where there is an application client and a backend "Document Management System" (DMS) in which there is a crypto module that intervenes when a file-save command or the like is issued from the client, which then encrypts the data with an appropriate key and hands off control to the DMS.

    BFD.

    Go read it here [uspto.gov]

    • GNU/Linux has been doing this for years.

      The claims of this patent seem to be limited to the situation where there is an application client

      Take GNU Emacs for example.

      and a backend "Document Management System" (DMS)

      Any file system.

      in which there is a crypto module

      File system encryption module.

      intervenes when a file-save command or the like is issued from the client

      fopen() in glibc.

      which then encrypts the data with an appropriate key

      Encrypted block driver.

      hands off control to the DMS.

      return from the block driver to the filesystem to libc to the app.

      • I think you are glossing over a few details.

        Here's the actual claim (claim 1):

        1. A method of encrypting an electronic document which is open in an application program running in a general purpose computer, the general purpose computer including a display, a user input device, a crypto module and a processor, the method comprising:

        (a) from within the application program running in the general purpose computer, a user issuing one of a "close," "save" or "save as" command for the document using the user input device;

        (b) automatically translating the command into an event;

        (c) the crypto module automatically trapping the event;

        (d) the crypto module automatically obtaining an encryption key value;

        (e) the crypto module automatically encrypting the document using the encryption key value;

        (f) the crypto module automatically passing control to an electronic document management system; and

        (g) the electronic document management system executing the issued "close," "save" or "save as" command;

        whereby the electronic document is automatically encrypted.

        First off, fopen() is not the "crypto module" in your description, the block driver is. But it's the crypto module that has to trap the call.

        Second, the patent goes out of its way to define "electronic document management system." You can't ignore its definition and just say that it's synonymous with "any file system."

        Also, according to the claim, the EDMS is the entity that has to execute the "save" or similar command. A file system doesn't do that.

        In short, the claim fits where you have an encryption add-on module for something like PC DOCS. It seems to be a bit of a stretch when applied to a garden variety file system.
        • Second, the patent goes out of its way to define "electronic document management system." You can't ignore its definition and just say that it's synonymous with "any file system."

          I think the proof is in the question "who are they suing?" Are they suing companies doing something very specific and indentical to what Maz Technologies is doing? Or are they suing anyone who is in any way similar (like, oh, I don't know, someone using an encrypted filesystem?). Let's take a look...

          From The Register:

          PC Dynamics, the publisher of a virtual disk encryption product for Windows called SafeHouse, is among the first companies targeted in Maz's claim.

          Hm, that sounds like AN ENCRYPTED FILESYSTEM to me.

          Let's look at the product in more detail....

          From the PC Dynamics web page:

          SafeHouse encrypted volumes appear on your PC as another Windows drive letter. All encryption is performed automatically and transparently on the fly.

          Yep, sounds exactly like what PGP does, and like an encrypted filesystem. The main difference being that it's a filesystem built on a raw file on another filesystem. Which doesn't really change things much at all.

    • Let's go through claim (1) for example:

      (a) from within the application program running in the general purpose computer, a user issuing one of a "close," "save" or "save as" command for the document using the user input device;

      Doesn't that sound like any generic application these days? Can we say "File/Save" anyone (or for the CLI people using vi, ":w"? So this part of this claim applies to practically any desktop application. What they are describing here is existing infrastructure, and nothing that could be considered to be characteristic of their own invention.

      (b) automatically translating the command into an event;

      Once again, any desktop application. Most GUIs I know are event based, so any menu action is always sent to the application as an event. This even generation process is transparent to the application itself. Once again, hardly unique or original, and definately not an indicator that a particular system is like their own.

      (c) the crypto module automatically trapping the event;

      One could achieve this by using, say, stegfs. The crypto module is part of the file system driver - it traps the events being sent to things like "open" or "write". There is a catch here - perhaps you could argue that, in order to be covered by this patent, the crypto package would have to intercept the "File/Save" event before that event actually got to the application.

      (d) the crypto module automatically obtaining an encryption key value;

      Like, say, obtaining a PGP key from a keystore using a cached passphrase? Or perhaps a passphrase that was specified at the time that the steganographic file system was mounted?

      Perhaps their system is even more primitive - they pop up a dialog box and ask the user for a passphrase on the spot.

      PGPDisk was doing all the stuff up to here a long time ago. So the claim so far sounds very unobvious and definitely not novel.

      (e) the crypto module automatically encrypting the document using the encryption key value;

      I only wonder if they mean "automatically" as opposed to "manually", or "automatically" as compared to "mechanically" or "algorithmically". To me it sounds like this claim is redundant and obvious. Encrypting the document using any other values than the ones provided by the crypto keys is pretty useless.

      (f) the crypto module automatically passing control to an electronic document management system;

      What do they mean by "electronic document management system"? A file system is a DMS. Are they just using obfuscated language here, or do they have a particular thing in mind when they say "electronic document management system"? If their patent suits [google.com] are anything to go by (that link from another response to the original story, BTW), they mean "file system".

      (g) the electronic document management system executing the issued "close," "save" or "save as" command;

      That's what a DMS would normally do anyway, surely? You could escape this patent by having your encryption module issue its own "save" command, after intercepting the system's own "save" command.

      Of course, letting an Electronic Document Management System do the things it's supposed to do is hardly a novel concept.

      The Last Paragraph

      Then we get to the interesting bit - right at the end:

      Although
      exemplary [dict.org][1] embodiments of the present invention have been shown and described, it will be apparent to those having ordinary skill in the art that a number of changes, modifications, or alterations to the invention as described herein may be made, none of which depart from the spirit of the present invention. All such changes, modifications and alterations should therefore be seen as within the scope of the present invention.

      Thus they are claiming that anything which looks something like this system is also covered by this patent - they're redefining patent law!

      [1] They don't even know that a system built as described in their patent would work. exemplary [dict.org] in sense 3 implies that these guys have built a patent on top of a proof-of-concept.

      • Hear Hear!! I think we might be on to something.

        Re Step 425, "Crypto Server Traps Event", Grail said, There is a catch here - perhaps you could argue that, in order to be covered by this patent, the crypto package would have to intercept the "File/Save" event before that event actually got to the application. You are correct. They are trapping when the user selects "save" from the application menu, NOT when the file is written to disk.

        They probably meant to say that the system intercepted reads/writes to particular files on the filesystem. That's how SafeHouse [pcdynamics.com] (the product they're suing) does it. Oh well, too late to change the patent now. <g>

        I also liked

        Step 420: Command is translated into an event.
        Waddaya mean translated? Modern operating systems handle this as an event by default.

        Step 430: Should document be encrypted?
        Funny that this decision seems to be made without interaction from the user. In other words, the user doesn't decide which documents are or are not encrypted. (at least not at run time).

        The description of the technology in the patent is vague enough that I wonder if they had actually implemented this at the time. Oh, another funny thing... Maz Technology [maztechnology.com] doesn't seem to have a product that does what this patent claims to do. Hmm.... You're not allowed to patent someone else's invention. <g>

        Maz does have this product [maztechnology.com] called IntelliGuard, which has a great marketing description, but to me the description seems rather... lite. I wonder if they've actually implemented anything even now. (It also claims to provide an infinite number of customer's options. At least they got the infinity problem licked.)

        -gh

        DISCLAIMER: this post is a statement of opinion and not of fact. (Just in case any laywers are reading...)

        For the full text of the patent, visit USPTO Search Page [uspto.gov] and enter the patent number 6185681.
        See also a sci.crypt discussion on google groups [google.com]

  • by nomadic ( 141991 )
    The irritating part is the USPO knows it has problems but seemingly refuses to do anything.

    I remember seeing an interview with the head of the office a while ago, and he reacted to this exact criticism by insisting it was OUR (yours and mine) fault for not bringing prior art to their attention.
  • 1.) A giant big smoking hole where the office used to be would be a good start.

    2.) Realistically, after firing all current employees for sheer incompetence, hire new ones at much higher salaries. Make their performance conditional on *not approving* patents. The more rejections for prior art or being obvious, the more pay the examiner is given. Companies should also be liable for bad patents. A company could forfeit over 10% of its assets for a patent granted that was either obvious or prior art.
    This should stop parasites like Rambus in their tracks.

    3.) Remove patent protection entirely for "business methods" and software patents, and sharply reduce all patent terms to 5 yr terms, which can be renewed only 4 times maximum. The companies now have to show their R&D cost for developing the patent, and once their is a profit made the patent cannot be renewed again.

    The price for increasing the length of the patents
    increases, doubling every time it is renewed.

    4.) In general, prevent indefinite extension of copyright and patents. This means that anyone will be able to market Mickey Mouse etc.
  • Frankly, I think patents, especially software patents, should be treated like trademarks: if you don't protect them from the get-go, you loose your right to them. This should apply even before the patent has been granted...

    Since there's most probably prior-art for this patent, I wonder if the companies being pursued could file suit against the PTO to recover defense costs if it is indeed found that the patent is invalid.

    Maybe then the PTO would actually start doing its work instead of pretending to....

  • by StarTux ( 230379 ) on Saturday March 23, 2002 @12:22AM (#3211645) Journal
    Would it be possible for a number of small firms that have lost a lot of money and time wasted over these lawsuits produced by the Patent Office's lack of care in looking for prior art to actually take a class action lawsuit against the Patent Office? Perhaps, they could try and prove loss of wealth and try and prove that the Patent Office is failing?

    Just a thought, yes I know its an expense to do..But just wondered.

    StarTux
    • Its funny.. that was my first thought too. I hate the litigous nature of things these days, but it might be a nice reversal - the USPO setting itself up for lawsuits instead of vice versa. It certainly seems to be failing to really do its job a lot of times these days.

      I have no idea if this is even legal or possible, but, damn, it should be. Someone needs to smack the USPO upside the head.

  • Prior Art (Score:2, Interesting)

    by Anonymous Coward
    Claim 1 of Patent 6,185,681 seems very similar to:

    A Cryptographic File System for Unix by Matt Blaze (1993)
    http://www.crypto.com/papers/cfs.pdf

    Design and Implementation of a Transparent Cryptographic File System for
    Unix (1996)
    http://www.tcfs.it/docs/tcfs.ps

    Linux Journal Issue 40: TCFS: Transparent Cryptographic File System
    (August 1997)
    http://www.linuxjournal.com/article.php?sid=2174

  • possible solution (Score:2, Interesting)

    by Xepo ( 69222 )
    I think there should be a 2,6 or even a year long wait on patents...once they're approved by the patent office, put up a web site for each patent. When someone goes to the site who knows of prior art or some other problem with the patent, that person simply types in what's wrong, hits submit. The patent office reads that person's claim, does research for what had been claimed wrong, and can reject the patent upon that.

    Then the patent office can afford to get rid of some people....the industry is responsible for keeping care of its own patents...copm sci people scan through the comp sci patents, engineers scan through the engineering patents in their field every now and then...etc. etc.

    though, then again, maybe there're just too many patents being filed for this to help much...
  • What would happen if every single small company that was threatened simply refused to show up in court if sued? Instead, just send in a form letter stating that the patent is total and complete BS and then list every other company that has been simultaneously sued and subsequently refused to go to court for the same reason. Technically, that's probably contempt of the court or something, but at some point this nonsense has to stop simply because it is hurting small tech companies. Call it the.. uh.. Boston Patent Party or something. (-: IANAL and this is neither legal advice nor personal recommendation.
  • I did this in 1978 (Score:5, Interesting)

    by Skapare ( 16644 ) on Saturday March 23, 2002 @02:35AM (#3211955) Homepage

    I did system level encryption in 1978 on the mainframe VM/CMS system. Under the CMS component, which ran in a virtual machine, all I/O was done through an interface known as SVC 202 . This interface was used for modular execution of both external (a file) and internal functions. I wrote a program in assembly language which first ran in what was known as the "transient area". This program then allocated memory on a permanent basis, and copied part of itself there. That part was written in relocateable assembly code (was not hard to do in S/370 assembler). It then substituted the SVC interrupt vector with its own, and intercepted all SVC instruction traps. The intercept handler was now in control and the program did a graceful exit, but without deallocating the memory. This was similar to the DOS TSR (Terminate and Stay Resident) feature. The intercept handler checked for SVC traps being code 202. If not, it passed them on to the original SVC handler in CMS. If it was 202, then it checked for the request name for reading and writing. If that matched, it then checked to see if it was a file to be encrypted (writing) or decrypted (reading). CMS had disk letter/number combinations added to each file, and I allowed the program to be told to use either a letter (specific disk) or number (file mode) to be matched to indicate that the file was encrypted. It them modified the buffer appropriately before (writing) or after (reading) the system function completed. The net effect was the ability to have selected files, or a whole disk, encrypted. All native CMS programs, and some OS/VS/MVS emulated programs, would successfully do I/O through this encryption system. I was able to edit a Fortran program, save it, and compile it with the Fortran G compiler, and subsequently run it. I placed a call to my encryption facility in a script called "PROFILE EXEC A1" which made it run every time I logged in. It prompted me for the key, which was a string that was hashed to construct the encryption vector for the algorithm I used (which is probably terribly insecure today).

    I was a student at Ohio University [ohiou.edu] at the time. A group of us were "hackers" (and at times did a little cracking, too). All the disk space was partition-like slices on big (in the physical sense, about the size of a small washing machine) hard drives shared with a lot of other people. The computer center administrators could easily spy on any user's disk space. So this was used as a means to keep nosey people out. About 3 months after I started regularly using this, I was summoned to the office of the Director of Academic Affairs at the computer center. I was told by Dr. Craig Farrar that he was aware that I was encrypting my files, and that this was against computer center and university policy. He gave me a copy of the policy. He was at least an honest man, and also told me it was a brand new policy adopted specifically because I was encrypting my files. He then told me I had 2 days to unencrypt all files before the disk space would be entirely erased. I simply backed up most of them to a private tape, removed it, and unencrypted a few remaining files and deleted the rest. I never used the program again.

    When the PC came out with DOS, and I learned of TSR, I thought about that program, and thought I'd like to do the same thing again. I didn't at that time because I didn't make the committment to learn x86 assembly, and didn't have a suitable C compiler at the time. So a DOS version, unfortunately, never actually happened. However, I did see among some shareware on a BBS, around 1989, a description of a program that did exactly that. Unfortunately for that program, at that time I was doing the Amiga thing. Hopefully someone can track down that program.

    When I moved to Texas in 1993, I left all my old mainframe tapes (about 120 of them by then) behind. I had gotten hooked on Linux and swore to never use a mainframe again, so I had them discarded. Now I wish I had them back, because I could now run them on Linux using emulators [google.com] ... after I figured out how to get stuff off those old tapes.

  • by tmuller ( 101932 )
    It seems to me that everyone wants a knowledgable patent office that can understand (most) technologies that come into it's office.

    I think that what will happen is that companies and individuals will get fed up with the system and change it. Eventually, patents will be almost non-existant because the system will require PROOF of non-prior art, other than the current model, which only hints at the notion.

    I'll agree that this is getting out of hand and anyone who claims a patent and files a suit against any company, should have to PAY for ALL legal fees of BOTH parties, if they want to pursue the patent.

    This would keep folks like the idiot here from filing, getting and then pursuing a lawsuit for the patent he was given.

    my 0.02 cents
  • What about Microsoft's Encrypted File System [microsoft.com], built-in to Windows 2000? It's a transparent encryption/decryption process trapped by a EFS driver right above the I/O system, built into NTFS 5. Wouldn't this technology be subject to this patent?
  • How about this idea. File those patents. "Codeing Methodology for the discovering of Directory Structures for data stored in an Electronic form" (ls dir etc) Then.... give the patent to the FSF. Yep give it to them. This puts the patent in the public domain,sort of. Then it will do two things. One ensure ridiculous patents don't get filled (since you filled first and can sue the pants off of them.) and two, it give the FSF a source of revenue. Just a thought.


  • FOR IMMEDIATE RELEASE:

    I (grub.net Industries) have been granted a patent on:

    "Voluntarily moderated muscle ring for the controlled
    expulsion of solid and semi-solid waste from the posterior
    opening of the alimentary canal."


    Please note that I claim immediate control of all such devices. grub.net Industries' team of highly paid lawyers will station in all hospital delivery rooms to receive our license fee from the parents before the child first uses our product.

    If you have been using said product without paying our license fee please note that you are in direct violation of patent law and may be held liable for damages.
    You are ordered to cease use of The Product immediately until said license fee ($100 at birth, 25 cents per use thereafter) to grub.net Industries.

    Thank you for your time.

  • Now, if anyone, ever asks the stupid question about why software patents are bad, this is one hell of a example.

    Think aout it, a lot of people have been working on THIS [kerneli.org] since 1998 only to have someone come to them 4 years later and tell them that they can't continue since it's now a patented idea.

  • by jcwren ( 166164 ) on Saturday March 23, 2002 @08:59AM (#3212450) Homepage
    More than 10 years ago I worked for a company that produced an ISA card that DES encrypted the entire disk transparently to any OS that used the BIOS calls. We also had drivers for SCO Unix that allowed any file system to be encrypted. Our system was used by private corporations, the FBI, Delta Force (which according to a guy named Major Harrington doesn't exist, and never to to ship packages Attn: Delta Force, Fort Bragg), and several other governmental agencies.

    Barring the fact that DES is no longer considered unbreakable, the card rendered the HD in a system unrecoverable without the card installed. *Every* sector was encrypted, including the boot sector. To gain access, you had to enter a user name and password (similiar to a BIOS password) when the machine started. After 3 failed attempts, the machine had to be power cycled to try again (to prevent keyboard spoofing attacks).

    At one time, if I recall correctly, we had a contest for a high stakes prize if anyone defeated the system. Several universities attempted it, and all failed.

    This system was considered the ultimate in security until the 386 machines started appearing on the market. Because of the CPU cache, it became possible with some sophisticated trickery to defeat the system.

    If anyone feels this information is relevant to this patent, and can *seriously* use additional information (this product is not a current product, so please don't ask where you can buy one), please feel free to contact me at the above email address.

    I know little to nothing about patent processes, but I believe this definitely constitutes prior art.
  • Yesterday I received final approval on my patent for including an encryption/decryption device in a box of cereal.

    -
  • Couldn't these companies turn around and sue the patent office? After all, if the patent office had no liability whatsoever, why would they bother checking against any patents or prior art at all?

  • This is an example of why I believe that the current patent system is so broken that we'd be better off without any patent system.

    It sure isn't my top priority, but I would find myself hard pressed to vote for any politician that said a good word in favor of patents. This despite the fact that there do exist quite reasonable patents, and a decent patent system would actually strenghten the country (though it would always be quite dangerous: always remember that a patent is a kind of government approved monopoly. It can't be made safe. That's a part of the reason that it was made temporary.)
    .
  • Why can't they be sued for the damages and any costs of lawyers/lawsuits themselves? If that would be possible, and if it could be stuck to some persons (and not some business that isn't anymore anyway) then people would think twice before risking their own ruin with those patent scams. Also their own lawyers should be the last in the line to collect any outstanding payments, that way they could only hire lawyers who believed that the patent was at least half valid.

C makes it easy for you to shoot yourself in the foot. C++ makes that harder, but when you do, it blows away your whole leg. -- Bjarne Stroustrup

Working...