Sued For Using HTTPS: Companies In Crypto Patent Fight (theregister.co.uk) 130
yoink! writes: According to an article in The Register, corporations big and small are coming under legal fire from CryptoPeak. The Company holds U.S. Patent 6,202,150, which describes "auto-escrowable and auto-certifiable cryptosystems" and has claimed that the Elliptic Curve Cryptography methods/implementations used as part of the HTTPS protocol violates their intellectual property. Naturally, reasonable people disagree.
NeXTStep had ECC... (Score:5, Interesting)
In 1991, NeXTStep had ECC encryption for E-mail in version 3.0 (called FastECC.) If there were a patent made then, it definitely would be expired by now.
Re: (Score:2)
From the article the patent was granted in 1997, just a few short years later. It is possible that they did the extended application process, but I really doubt the patent covers this.
The relevant dates. (Score:2)
from wikipedia
Netscape Communications created HTTPS in 1994 for its Netscape Navigator web browser.[41] Originally, HTTPS was used with the SSL protocol. As SSL evolved into Transport Layer Security (TLS), the current version of HTTPS was formally specified by RFC 2818 in May 2000.
so HTTPS itself does predate the patent filing and patent. The current version of HTTPS implementation is after the patent filing and before the patent grant in 1997.
Not sure what that adds up to. But if a specific method covere
Re: (Score:2)
You missed the part of his post where he was talking about ECC being created, not HTTPS using it. Do we really want an ECC but in a browser not email, similar to "but on a computer"?
Removing Elliptic Curve (Score:2)
This is for Elliptic Curve ciphers (EC), not Error Correcting Code (ECC).
It should be possible to remove these ciphers from your TLS configuration. If you consider the current best practice [hynek.me] for Apache:
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
Then removing Elliptic Curve should be as simple as:
SSLCipherSuite DH+AESGCM:DH+AES256:DH+AES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
That doesn't seem
Twats (Score:5, Insightful)
What a bunch of patent trolling twats.
Re: (Score:2)
Totally screwed up
What (Score:1)
Patents suck for this exact reason.
Can you say Prior Art? (Score:1)
Surely there is a boatload of prior art on this one.
Re: (Score:3, Insightful)
Surely there is a boatload of prior art on this one.
Yes, but it's more expensive to find it and take it to court than it is just to pay up.
That's kinda the whole point of an extortion racket.
Re: (Score:2)
Well, it's interesting, because the question is on the "elliptic curve cryptography" which is a method of generating keys that are more efficient than the older, larger RSA-style keys. So, technically, you could still implement HTTPS with RSA cryptography, which would increase the work done on both ends of the secure connection to encrypt / decrypt with the same level of security.
As someone mentioned above though, there is prior art even with ECC-generated keys by almost a decade to when the patent was gra
When will enough be enough? (Score:4, Funny)
"methods and devices to manipulate and store data encoded into electronic devices by means of electromagnetic field gradients"
and
"methods and devices to enable the interaction between users and electronic devices by means of electromagnetic field gradients".
and
"methods and devices to harass individuals and companies by filing, claiming and legally enforce trivial methods and devices as patentable intellectual properties"
Then we're done.
Re:When will enough be enough? (Score:5, Insightful)
Re: (Score:2)
Apple already owns that patent.
Re: (Score:2)
Thing different!
Re: (Score:2)
Be careful with that "methods and devices" claim. The motion to dismiss of Netflix states explicitly that "Method And Apparatus" claims are invalid under current rules. This is obviously, because as you mocked, the claimant tries to get "anything similar to".
Re:When will enough be enough? (Score:5, Interesting)
IBM has you covered, a Patent on how to be a patent troll
http://www.google.com/patents/... [google.com]
And for good measure Halliburton has a patent on how to patent someone else's invention and gain control of it
http://www.google.com/patents/... [google.com]
Re: (Score:2)
Re: (Score:1)
>>And for good measure Halliburton...
WTF?? I know I'm not smart enough to fully understand this but seriously.....
Re: (Score:2)
Re: (Score:2)
From the Halliburton application:
[ 0016] The inventor and the assignee of this patent have no intention of applying the techniques described herein offensively but instead intend to use the patent defensively to discourage patent trolls and the like from extortionist practices.
Sure, I trust them...</sarc>
Re: (Score:2)
"A method for using a 3-pronged handheld tool to utilize a starch resource", i.e, "eating a potato with a fork".
Re: (Score:1)
A good thing most forks have 4 prongs. Hate to violate that patent.
Re: (Score:2)
Unfortunately that merely counts as a modified three pronged handheld tool. A three-pronged fork with an extra prong.
Re: (Score:2)
Fuck everything, we're doing five prongs! [theonion.com]
Re: (Score:2)
All the ones in my drawer at home (and the plastic ones at work) all have 3 prongs. I don't know why, maybe it's a copyright issue.
Meet Mr. Nicolas Labbit (Score:5, Informative)
The patent troll responsible for this nonsense, specifically the primary manager of the entity known as CryptoPeak Solutions, LLC [corporationwiki.com] is operated by a fellow named Nicolas Joseph Labbit [linkedin.com], who happens to be the sole member of a "law firm" known as The Labbit Law Firm [corporationwiki.com] in Longview, Texas. Just thought some folks might be interested in knowing a little more about the charming young man behind this gross abuse of the legal system. HTH. -PCP
Re: (Score:1)
Re: (Score:2)
I know another candidate for this.
Re: (Score:1)
It seems young Mr. Labbit has been very busy indeed filing mountains of frivolous lawsuits in Texas. [legalnewsline.com] (article dated Aug. 18, 2015, entitled "Texas non-practicing entity files patent infringement lawsuits against 25 banks in two days") ... looks like we've got ourselves a regular Darl McBride Junior here. -PCP
Re: (Score:1)
Be velly velly kliet... I'm huntin' Labbits!
Re: (Score:2)
Re: (Score:2)
Following the rules for French pronunciation, if the 't' were actually silent, I'm pretty sure it would then be pronounced Lab-bee'.
So.... who's going to say "Wooosh!" first, or will the fact that I have mentioned it prevent such a remark form occurring? (I feel like I just made my own private Schroedinger's cat experiment)
Re:Meet Mr. Nicolas Labbit (Score:4, Funny)
Tested in the courts (Score:2)
But a patent is just a pretty piece of paper until you try to enforce it. Only then will the courts actually look at the merit of the patent and declare it enforceable or invalid.
The main reason for granting patents is to persuade inventors to publish their ideas and in return they
Re: (Score:2)
The USPTO can (and does) award patents for almost anything.
. . . so I'm thinking of filing a patent titled, "A Method and Process of Doing Stuff with Things." Then I will open it up for free in the public domain.
That should end this patent mess that has evolved.
Re: (Score:1)
But a patent is just a pretty piece of paper until you try to enforce it. Only then will the courts actually look at the merit of the patent and declare it enforceable or invalid.
Except that the court assumes the patent is valid and the victim has to demonstrate that it isn't which is effectively guilty until proven innocent.
It is always cheaper to settle and licence the patent out of court than it is to defend the claim and risk losing.
Re: (Score:2)
There are two ways to get out of this mess: first, prove you are not infringing on their rights. That would mean that you prove none of the claims in their patent fits to you, or it is already covered by pri
Re: (Score:2)
There should be some form of malpractice coverage (insurance?) to pay the court costs for those harmed by lawsuits based on patents that are ultimately found to be bogus. Perhaps covered by a fee on patent applications.
Re: (Score:1)
The USPTO can (and does) award patents for almost anything. The patent examiners aren't experts in every field and if they receive advice that an item, method, or process is unique and non-obvious, they will award a patent.
Yes, it would be ridiculous for modern patent offices to employ experts in every field. If it were even possible, it would be an incredible waste of talent.
But a patent is just a pretty piece of paper until you try to enforce it. Only then will the courts actually look at the merit of the patent and declare it enforceable or invalid.
I'm not sure about this. It could be different in different jurisdictions, but my understanding is that it is generally not the role of the courts when ruling on a patent infringement case to determine the merit of the patent (since, in theory, the patent office is supposed to ensure this), but rather only to determine whether the alleged infringing ac
Re: (Score:2)
Employ? Who says anything about employment?
Implement a "public forum" where all applications are published and input from the broad public can be gathered - if someone knows prior art, or is able to point out triviality of the patent (e.g. "[doing an extremely common thing] over the Internet" ) they can post it and the USPTO clerk will just reject the application without further ado.
Re: (Score:2)
It looks like you can search US patent applications, and submit documents relevant to a patent application, for a fee.
To search patent applications:
This will give you the 1,247 applications relating to Electrical Digital Data Processing or Transmission of Digital Information that were published last week. (Applications are published on the Thurs
Re: (Score:2)
The community could actually vastly reduce the workload - especially removing a lot of burden of searching for the prior art.
Re: (Score:2)
Re: (Score:2)
> I think it was a good system when it started out.
A great deal of the difficulty is software patents. They overwhelm the patent offices resources, they're proven very difficult to differentiate, and they've been wildly abused both to harass legitimate developers and to develop overwhelming and impenetrable patent suites to protect patent violating companies from legitimate lawsuits.
Re: (Score:2)
Software patents also tend to be constantly amended until they are as vague as possible. These can then sit unused for 10 years at which time they are dusted off, interpreted to apply to some widely used technology, and pointed at to demand payments for use of said technology.
Re: (Score:2)
That's a nice fiction, but legal reality is different. Legally, if a patent examine grants a patent, it is pr
Re: (Score:2)
The only problem with this is that the costs for checking the validity of patents would then be put on the companies sued for patent infringement. Small companies might not be able to afford lengthy lawsuits and might just settle with the patent trolls so bad patents would not only continue to be used, but would get "settlement momentum" in their favor.
If patent examiners actually examined patents, the courts would only need to deal with the edge cases and the patent lawsuit costs on businesses would drop.
Re: (Score:3)
You got it backwards, because that's the current situation: if you get sued for patent infringement, it is your legal and financial responsibility to challenge the validity of the patent. That's why we have patent trolls. What I suggest, namely dropping the presumption of validity, means that the burden of proof shifts to the company that is suing for patent infri
Re: (Score:2)
We should change the patent system so that it works more like how you imagine it works, namely that patent examiners only do some simple sanity checks, and that validity only gets established through court challenges. But that's not the patent system we have right now.
Those systems exist in other countries, and they're uniformly terrible. Remember all those stories about someone patenting the wheel in Australia [newscientist.com]? That was a registration-only system.
They're also much more expensive for people accused of infringement, since the trials are much more involved, with having to first examine every aspect of patentability.
Re: (Score:2)
Except the courts tend to start from the position "If the USPTO granted this, it is valid unless proven otherw
"Method" patents (Score:2)
The main reason for granting patents is to persuade inventors to publish their ideas and in return they are given exclusive licensing rights for a reasonable amount of time. The publishing and sharing of new ideas is the good side of patents.
...which is valid for physical invetion. I.e.: actual device that need to be researched and build.
Because you need exclusivity, so you can ask for money and investment in order to get the necessary resources to research, develop and built the device, then ramp-up production and sell it.
The problem with that crappy patent is that nearly every single claim point begins with :
"Claim n. A method..."
Yup. Methods. As in "I just had this idea and suddenly want every single other person who might have the same idea
Re: (Score:2)
The USPTO can (and does) award patents for almost anything. The patent examiners aren't experts in every field and if they receive advice that an item, method, or process is unique and non-obvious, they will award a patent.
Nope, they're experts in their own field. The USPTO is divided up into several thousand art groups, and Examiners only review applications that are in their field. You don't have chemists examining crypto any more than you have computer scientists looking at a new drug formulation.
Corporate death penalty (Score:5, Interesting)
While I'm totally against personal death penalty, there should be a corporate death penalty, where a company is completely disbanded: its assets (yeah, the investor's and bank's too!) are confiscated and put towards public good. Naturally just for a particularly outrageous behaviour, but patent trolls seem to fit the bill.
This way investors would have to make sure they check the moral side of their investment (and not only the financial).
I'm not a believer in the Invisible Hand, mind you -- but lobbyism, nepotism and too much corporate power is obstructing the few good things it *could* reasonably do.
Re: (Score:2)
The problem is not in the companies abusing the system, it's in the system for setting up such a business model. The more laws in place, the more fuckups like this one. The problem is that these companies are shielded by the law, so theu're hard do counter fight.
I'm not advocating a zero-laws system, but there are clearly too much things in place. We don't need more of it, we need less.
Re:Corporate death penalty (Score:5, Interesting)
I would advocate replacing the current practice of corporations being legally required to act in the best interests of shareholders only with a new hierarchy or rules, much like Asimov's laws if you will:
First, a corporation must act reasonably in the best interest of the general public.
Second, a corporation must act reasonably in the best interest of their employees where it doesn't conflict with the first rule.
Third, a corporation must act reasonably in the best interest of their shareholders where that doesn't conflict with the first or second rule.
A corporation jacks up the price of a generic drug by 7,000,000%? Sued by the general public.
A corporation informs employees that they will have to train their H1B replacements? Sued by their employees.
A corporation pays its CEO an unreasonably large salary with no evidence that that results in better executive performance? Sued by their shareholders. (This should be happening now...)
I like it better than a corporate death penalty, because many corporations do have value and importance to the general public that would be at risk of being destroyed because of a single bad acting CEO. With this scheme, the courts would have a framework for redressing these issues.
In the case of patent trolls, some patents are more obviously bullshit then others. The more obviously bullshit the patent, the more strong a case members of the general public would have to individually sue the trolls for obstructing their use of the technology. What if everybody who uses HTTPS could sue these clowns?
Re: (Score:2)
First, a corporation must act reasonably in the best interest of the general public.
Second, a corporation must act reasonably in the best interest of their employees where it doesn't conflict with the first rule.
Third, a corporation must act reasonably in the best interest of their shareholders where that doesn't conflict with the first or second rule.
+1, I think you could be on to something there.
Re: (Score:1)
If you want something to act in the interest of the public, it should be held publicly. Asking corporations to do so sounds like something a child would suggest.
Re: (Score:2)
The only reason that corporations act the way they do is because common and case law have led it in that direction. There is nothing scared about the "rules" of a corporation. They are changeable.
Re: (Score:2, Flamebait)
The only reason a corporation can do that is because of monopolis
Re: (Score:2)
It very well may be, but it's probably also true that you've drank the corporate kool-aid.
Re: (Score:2)
I'm under no illusions about what corporations are and what they want. However, I'm also under no illusion about what governments are and what they want. And when it comes right down to it, corporations can't force you to do anything you don't want to; only government can.
You need to lay off the statist and totalitarian cool-aid.
Re: (Score:1)
For what? Lowering their costs?
No. For blatantly abusing the H1B visa system. The whole *point* of H1B visas is that they are to be used to bring people into the country to do jobs which require skill sets which aren't readily available in the country. The idea that you currently *have* workers who can do the job *and* train the incoming H1B replacements completely obviates the need for the H1B workers to come in in the first place.
Re: (Score:2)
Your flaw: Corporations only exist by the consent of the government, thus the people. Thus you are the imbecile.
Re: (Score:2)
Private property and the ability to engage in private business transactions are fundamental human rights and are Constitutionally guaranteed; they do not require "consent of the government" or "consent of the people".
Re: (Score:2)
Corporations are not human beings, they have no rights, not even the right to exist. If you want to own property and engage in private business, have at it. As a human being, you DO have those rights.
If you wish to work cooperatively with others, you are also welcome to do so. However, if you wish to sever personal liability from the organization formed, that is a PRIVILEGE that the public may (or may not) choose to grant you. If it does, it will be under the condition that the organization act first in the
Re: (Score:2)
It's not really a "privilege", it's just a formalization of one form of structuring a private business transaction. As a business owner, I could also write liability limits into each contract. It's just easier to have a bunch of standardized legal forms for doing so. If you do business with a corporation, you know how its liability is limited, and if you don
Re: (Score:2)
The separation of liability goes well beyond what you can accomplish in a contract since it includes criminal liability. For example, if a corporation commits negligent homicide, there is a high barrier to having that liability fall upon anyone personally. That is, typically nobody goes to jail or ends up picking up litter along the highway.
As for the rest, if you are referring to capricious actions, then I agree. There is no place for capriciousness in the rule of law. OTOH, if you mean that the people col
Re: (Score:2)
The "high barrier" doesn't result from any kind of special corporate treatment, but the simple fact that it is hard to determine in a complex organization who is responsible for any particular act. The only people that creation of a corporation protects is its investors, for the simple reason that the act of investing in a legally established company cannot be by itself crim
Re: (Score:2)
I have no idea where your bizarro notions come from, but I hope you one day find a way to return to your home dimension.
Re: (Score:2)
the current practice of corporations being legally required to act in the best interests of shareholders only
Citation needed please. What law requires this?
Re: (Score:2)
It's case law, and it's too common knowledge to require a citation.
IANAL, but suggest that a corporation should take care of its employees in an investor's forum and you'll get a citation.
Re: (Score:2)
This [professorbainbridge.com] is what I found on the subject. (I'm not saying, btw, that it proves you're wrong... or right. I just present it as an information source.)
Re: (Score:1)
Yea great idea. When you have a competing company just get a law passed making your competition illegal and have it destroyed by the government. No need to compete anymore, its just a race to get your corporate execution applied to your competition. Sounds awesome.
When government buys GM and can't compete with Toyota, instead of the NTSB making up false stories about sticking gas peddles, just seize Toyota and guess what? That same corrupt government gets the assets of it in the US for their own use!
Isn
Re: (Score:2)
This is a patent troll; they don't have any assets. And it's easy to disband a company, namely by getting a legal judgment against it that is larger than its assets. Lawyers like the "owner" of this company can also be held in contempt of court and disbarred.
smart move.... (Score:1)
by the original patent holders---selling at 18 years.. just sayin'
not a fan of shotgun ligation strategy.. filing dozens of suits nearly immediately upon receiving assignment of the patent. that alone should say its just a money grab attempt.. aren't patent holders supposed to at least try to negotiate and shit before litigation?
but shouldnt they be going after the implementers of https if that in fact was the infringing tech, not the users of the software that has the feature? like microsoft, apache, nginx
Re: (Score:3)
Dude, a schoolyard bully is not going to try to beat up the champion of the school's boxing team, ok? He's going after the nerd.
Just checking (Score:2)
It's still illegal to shoot patent trolls on sight?
I thought by now it would be considered pest control.
Re: (Score:2)
Yes, but it's only a $25 fine.
Re: (Score:3)
It's still illegal to shoot patent trolls on sight?
It infringes my patent on means to destroy vermin .... oh wait, put that gun down!
Haters gonna hate (Score:1)
The National Security Agency cleared the way on ECC patens to prevent this very thing. Take a look at the license agreements of OpenSSL.
IANASE (Score:2)
"based in Longview, Texas" ... (Score:2)
"based in Longview, Texas" ... that kind of says it all, doesn't it?
This should become public property (Score:1)
Re: (Score:2)
Are you sure? From what I've read, all the court said was that the Warner/Chappell Music did not hold the copyright on it. It's entirely possible that someone somewhere has a legitimate copyright over this song. They certainly did not declare the song was in the public domain, though it probably is.
Re: (Score:2)
The judgement effectively put the song in the public domain. If someone else stepped forward today to claim copyright on the song, they would need to prove not only why they should be granted copyright on it, but why they stayed silent so long while Warner/Chappell Music claimed copyright on it. In short, they would have a severe uphill battle to be awarded copyright on Happy Birthday.
Re: (Score:2)
There were long periods since the authorship of "Happy Birthday" when copyrights required renewal to remain valid. Given that there were no such renewals, it lapsed into public domain decades ago.
keys. (Score:2)
Choosing a private key in ECC is no magic - you can pick any number, anything as long as its smaller than the order of the group you're working in - and its a valid private key.
Re: (Score:2)
Choosing a private key in ECC is no magic - you can pick any number, anything as long as its smaller than the order of the group you're working in - and its a valid private key
Finding curves with the correct properties was the key to getting ECC working. I worked on ECC some in the late 80's and randomly selected curves were completely useless.
I wonder... (Score:2)
It Works... (Score:1)
Deal being worked on (Score:2)
I hear our (USA) government has decided to come to our (everyone's) defense and pay the guy approximately 5 trillion in unmarked twenties.
Done...
Next...
Suing the User? (Score:1)
Since when do you sue the user of a product (in this case, corporations hosting HTTPS-enabled websites) rather than the implementer of the product (whoever wrote the web server's crypto stack)?
If I build an electric shaver that violates Braun's patents and sell it to some people, Braun has grounds to sue me. Do they really have grounds to sue the people to whom I sold my infringing product?
Re: (Score:3)
-2 misinformative.
If you're talking about Martin Shkreli, the CEO of Turing Pharmaceuticals, the drug in question is Diaprim (aka Pyrimethamine). This drug has been around since the 1950s and is not, I repeat NOT subject to any sort of patent protections.
Furthermore, the drug is a treatment for toxoplasmosis not HIV. There is some confusion about this because people with weakened immune systems are especially vulnerable to the parasite which causes toxoplasmosis.
The big controversy with Diaprim arises fr