back to article Sued for using HTTPS: Big brands told to cough up in crypto patent fight

Scores of big brands – from AT&T and Yahoo! to Netflix, GoPro and Macy's – are being sued because their HTTPS websites allegedly infringe an encryption patent. It appears in May this year CryptoPeak Solutions, based in Longview, Texas, got its hands on US Patent 6,202,150, which describes "auto-escrowable and auto-certifiable …

  1. Stu 18

    Here is my suggestion to fix this ludicrous aspect of the American way.

    1. You must file your lawsuit within 1 year of discovering that the patent may be infringed. The one year is deemed to start as soon as it is deemed that a person in that knowledge field would have a reasonable chance of discovering the infringement. Beyond the 1 year the litigants have to prove the infringement and pay all costs. If they lose they have to pay the other parties the same amount they were claiming.

    2. If it is a technology that government endorses for national security, then they must sue the government on behalf of the people and can not sue businesses or private individuals. Rules for 1 may still apply.

    1. asdf Silver badge

      >Here is my suggestion to fix this ludicrous aspect of the American way.

      Quit letting lawyers write the laws. Then the point might be more to serve the public interest instead of generating billable hours. Isn't it great how one profession gets to put an innovate tax on every other profession?

      1. Mark 85 Silver badge

        @asdf

        There's a big problem here. I like the idea but most CongressCritters are lawyers. Some of the biggest lobbyists are lawyer associations. Conflict of interest? I think so. Be we here in the States get lawyers for candidates usually. Sure, there's the odd doctor, etc. but mostly... lawyers.

        At the risk of incurring the pedantic wrath of some.. I'll invoke Shakespeare's "The first thing we do, let's kill all the lawyers" concept.

        1. Steve Davies 3 Silver badge

          Re: @asdf

          Slightly modify that statement

          Kill all the lawyers who are politicians, (then all the lawyers)

          That might prevent a few from thinking that Hardard Law, Law Firm, Partner with corner office, Politician, President/Govenor

          is their ONLY career path.

          1. chivo243 Silver badge

            Re: @asdf

            @Steve Davies 3

            Kill all the lawyers who are politicians, (then all the lawyers)

            insert applicable Bender comment - Then kill all humans. Oh, wait...

            The 1%! it's in their blood. But just remember that there is always a 1% at the top, no matter how many times you remove it, there is always a 1% at the top.

          2. Anonymous Coward
            Anonymous Coward

            Re: @asdf

            Kill all the lawyers who are politicians, (then all the lawyers)

            Ahh, but there's even a law against that! See, covering their backs.

          3. Ugotta B. Kiddingme

            Q&A

            Q: What do you call 1000 patent lawyers at the bottom of a deep lake

            A: a decent start.

            1. Anonymous Coward
              Anonymous Coward

              Re: Q&A

              Q: what do you call a 59 out of 60 seats bus full of East Texas patent lawyers going off a cliff?

              A: one missed opportunity

        2. Voyna i Mor Silver badge

          Re: @asdf -Sure, there's the odd doctor, etc.

          There is one named Carson who seems determined to convince us that doctors would be worse than lawyers.

        3. BillG Silver badge
          Happy

          Re: @asdf

          At the risk of incurring the pedantic wrath of some.. I'll invoke Shakespeare's "The first thing we do, let's kill all the lawyers" concept.

          Another good one is, "We need lawyers to get us out of trouble that we wouldn't be in in the first place, if it wasn't for lawyers."

      2. Anonymous Coward
        Anonymous Coward

        can't we just say the principal/founder/owner of the non-performing entity, and their chief legal person, have to explain to a court, without a script, how the thing works, and accept Q&A?

        1. Michael Wojcik Silver badge

          can't we just say the principal/founder/owner of the non-performing entity, and their chief legal person, have to explain to a court, without a script, how the thing works, and accept Q&A?

          Sure. And before any surgeons can start cutting, the CEO of the hospital has to explain the procedure.

          Pharmacists shouldn't be able to sell medicine unless they can explain its means of operation.

          Plumbers: not an inch of tubing or a single fitting until you answer this quiz on fluidics!

          No one shall be allowed to write code until they can demonstrate an understanding of 1) the behavior of charges in semiconductors, 2) the design of modern CPUs, 3) algorithms for resource allocation in modern OSes, and 4) lambda calculus.

          The anti-patent ranting here is mining some impressive new veins of stupidity.

          Yeah, yeah. Downvote away. My three-year-old granddaughter enjoys her tantrums, too.

          1. Voland's right hand Silver badge

            Pharmacists shouldn't be able to sell medicine unless they can explain its means of operation.

            That is the law in most of the world You cannot run a pharmacy unless you have a pharmacy degree which entails you learning how medicines operate in a medical school for 5+ years. The fact that it is not the case in the USA is a historical anomaly.

            Plumbers: not an inch of tubing or a single fitting until you answer this quiz on fluidics!

            They do. At least here (UK). Some of the questions to get Corgi (the gas board) cert are from that area. I wish they did elsewhere too (I am having some serious soil pipework issues at my summer house in another Eu country where they do not - they f*** it up so it creates a classic "hydraulic shock" plunger every time you flush which f*** up the toilet gaskets).

            And I am not going to go into details in how many countries the CEO of a hospital has to be an MD so he can actually explain the details of an operation.

            The overall ineptitude of people in their trade in particular countries (namely USA) and especially the patent lawyers there (99% will fail every single one of the 6 EPO exams you need to pass to do patent law practice in the Eu) does not mean that everywhere around the world everyone is similarly inept.

      3. Anonymous Coward
        Anonymous Coward

        Here's a better one, revert to previous non-batshitcrazy patent laws of the pre 50's....

        Oh yeah and nix Intellectual Property rights too, that nonsense has to end before we have to pay to walk, breath and express an opinion on anything !

    2. Anonymous Coward
      Anonymous Coward

      Re: Dear America, please have a nuclear civil war

      One of the last ECC patents only expired recently.

      Imagine a graph of Y=X^2 (ECC maths is modulo over an integer field, but this is just for visuals.)

      If I give you valid X,Y coordinates they *uniquely* identify a point on the graph.

      I can save transmission space by only sending you X, plus a single bit: 0 = left of graph, 1 = right.

      Given X+boolean you can lookup missing Y yourself.

      That was the patent. Some GCSE-level applied maths. All software patents are this stupid.

      1. Voyna i Mor Silver badge

        Re: Dear America, please have a nuclear civil war

        "That was the patent. Some GCSE-level applied maths. All software patents are this stupid."

        Future lawyers stopped listening in GCSE maths once it got past multiplying two numbers together and adding the result to a total, then rounding up at the end.

      2. Anonymous Coward
        Anonymous Coward

        Re: Dear Europe, please have a nuclear civil war

        So please explain to me the legal "taxes" that your countries place on American corporations for the sheer audacity of existing or even making a product that none of you ever thought to create or perhaps that we made a better one that you all prefer to use? Is that any less stupid and protectionist?

        1. Anonymous Coward
          Anonymous Coward

          Re: Dear Europe, please have a nuclear civil war

          Actually the UK developed public/private key encryption first but restricted it under the offical secrets act, some say the US took their work and passed on to private interests.

          At best even if we assume seperate developement of the technology then by rights the US version should never have been allowed to be patented at all making all patents based after the UK work moot.

          Patents are supposed to only cover innovation and clearly once the concept of double key encryption became known then the key calculation is always going to be just basic math.

          The US system of allowing pretty much any patent though to force those abused to go to court in the US is intented to be a money spinner and to allow the existance fo trolls.

          Personally I would make all holders of USPO patents refile and require they identify exactly what is innovation, if it turns out to have been just common knowledge at the time of the original patent then it become public domain as it should always have been.

          1. Voyna i Mor Silver badge

            Re: Dear Europe, please have a nuclear civil war

            "Actually the UK developed public/private key encryption first but restricted it under the offical secrets act"

            It was done by a guy named Clifford Cocks, who developed what we now wrongly call RSA. In another parodox of official idiocy, RS&A won the Turing prize for rediscovering Cocks's work.

            Though I had a dig at lawyers above, I have to say that they are nowhere near as good at obstructing progress as civil servants.

    3. Anonymous Coward
      Anonymous Coward

      > American way

      It's interesting to read about the various nations involved in establishing the foundation of this system.

      https://en.wikipedia.org/wiki/History_of_patent_law

    4. Robert Helpmann?? Silver badge
      Childcatcher

      Personal Liability

      Beyond the 1 year the litigants have to prove the infringement and pay all costs. If they lose they have to pay the other parties the same amount they were claiming.

      It will have to be made abundantly clear that it will be the litigants themselves and not some corporate shell that has to pay, otherwise the weasels will squirm out of any sort of responsibility.

      1. Richard 12 Silver badge

        Re: Personal Liability

        Or just give judges the power to debar lawyers for being involved in bringing a "bloody stupid" case to court.

        More seriously, this is why software patents are bloody stupid and should never, ever be granted.

        This is a patent on basic maths. It should never have been granted.

        1. Brent Beach

          Re: Personal Liability

          "give judges the power to debar lawyers"

          Unfortunately, those judges were all once lawyers. Professional courtesy, doncha know ..

        2. Michael Wojcik Silver badge

          Re: Personal Liability

          This is a patent on basic maths.

          No, it isn't. Did you actually read it?

          What's claimed is a cryptographic protocol, which involves the use and interpretation of various mathematical constructs. (Whether they're "basic" is debatable, but I suspect that at least a few readers would feel that, for example, "Authority 1 then verifies that(g1/Y) is a generator of Z*2q" goes a bit beyond what they consider "basic".)

          Saying it's a patent on "maths" is like saying a patent for an internal-combustion engine is a patent on physics. It's a category error of the first water.

          Of course, the patent has little or nothing to do with ECC, and the new owners' claims are bogus. But the invention being patented does appear, at first glance, to have been novel at the time. And it addresses a problem which I for one may not particularly care about (private-key escrow), but which some people (snoops) do.

      2. Nigel 11

        Re: Personal Liability

        Beyond the 1 year the litigants have to prove the infringement and pay all costs.

        The key point is that the litigants should pay all reasonable costs of the defense, so that they cannot legally bully a smaller or weaker company. I'd suggest that they be required to file all legal bills with the court as they are received, with payment of an equal amount into court for use by the defense, released to the defense on presentation of its bills. Any failure to do so, any delaying tactics, would be reason for the court to place the case on hold or even to dismiss it. Also give the court powers to allow the litigants to be ordered to pay for any onerous obligations which its actions place on the defendants.

        Should the litigation succeed all these moneys paid to the defense would be added to the damages awarded. Should the litigation fail the defense won't be out of pocket (so long as it hasn't employed outrageously expensive lawyers compared to the litigants). Note: this might leave the litigants out of pocket if they bankrupt the defendants. That's OK. If they're genuine businesses rather than patent trolls, the cost of bankrupting their infringing competitors will be worth it. However, trolling will be all but eliminated, as trolls realize that they need a very strong case, and that if they have one it makes sense to press it against the financially strongest opponent not the weakest.

        1. Ben Norris

          Re: Personal Liability

          So what happens when a big business starts using an individual's patented invention without paying? This would make the law only work for the big guys.

          1. Dan Paul

            Re: Personal Liability

            Sears already did that in a wrench case. They also did something similar with Windshield wiper blades.

            Apparently they have a long history of taking the devices they have been shown (patent applied for) and making small changes and filing new patents on

    5. g e

      Or, more simply

      Make their complaint dependent upon stating the damages they intend to pursue.

      Then force them to deposit half that amount PER CASE LODGED with the State to be able to proceed.

      They win they get their cash back plus whatever they're awarded. They fail, the defendant gets to walk away with it.

      1. Anonymous Coward
        Facepalm

        Re: Or, more simply

        >Then force them to deposit half that amount PER CASE LODGED with the State to be able to proceed.

        Bloody stupid idea.If I owned a patent how would I stop the likes of Apple, Samsung or any other mega coporation stealing my idea safe in the knowledge that I wouldn't be able to afford to do anything about it?

    6. Charlie Clark Silver badge
      Stop

      Here is my suggestion to fix this ludicrous aspect of the American way.

      Pretty numptyish solutions to the problem.

      1) "person in that knowledge field" is an even more difficult term than the "reasonable person" making an obvious discovery. If you look at the history of patents most abuse has come from large companies with more resources than patent holders. What you suggest would further entrench this system.

      2) don't encourage even more litigation. In such an unlikely situation then the government should simply license the relevant patents.

      The problems with the US patent system are well known: patents in too many fields are granted too readily and the courts, notably the one in east Texas then get to deliberate on their validity.

      The US patent system must be overhauled so that it is sufficiently resourced to check patents. In the case of some of the vaguer software and business patents, which are the ones that cause most of the problems, applicants could be required to demonstrate specific applications. Because it is often the blanket application of a relatively minor patent across a whole field that causes problems. Cf. this one and the website plugin one. The patent clerks should have the authority to reject these applications on sight – though applicants should also have the right to appeal.

      1. asdf Silver badge

        Patent office should be more than a simple revenue generating agency

        >The US patent system must be overhauled so that it is sufficiently resourced to check patents.

        Bingo. As it is, the lawyers running the US government are more than happy to take anyone's money and then let their firms and buddies in the private sector get rich fighting it out in the courts which was my point originally what the problem is. By they way just so we are clear it was not me that advocated for murder. The torch and pitchfork mob ran with that later in the thread.

    7. PassiveSmoking

      I've got a better fix

      Scrap software patents and business process patents. They're so beyond ludicrous that it would be funny if not for the economic damage they do.

      1. Preston Munchensonton
        Pint

        Re: I've got a better fix

        Scrap software patents and business process patents. They're so beyond ludicrous that it would be funny if not for the economic damage they do.

        +1

        Have an upvote, mate. This is the only logical step forward out of all the retarded machinations that appeared above.

    8. Wade Burchette

      I think patent law should have a use-it-or-lose-it clause, which would apply only to patents issued to businesses and not patents issued to real living breathing persons. A use-it-or-lose-it clause would kill patent trolls.

    9. midcapwarrior

      It's actually more of Texas way issue or more specifically the court district located in Houston.

      Nearly all claims are made in that district. Same with many mass tort claims.

      The bar to winning in that district is pretty low, although a high percentage are thrown out a the appellate level.

      Texas is always talking of seceding ( at least when oil prices are high).

      Easy solution to the problem is to let them go.

      Added benefit of insuring cruz can't be president.

      1. SiliconSlick

        The State of Texas uses that crypto too and should join the fray....

        So tempted to write their lawyers a letter pointing out the use of such crypto by the state in which they filed such a frivolous suit should by all rights earn that state a place on the list of defendants... IANAL, but somewhere there's a professor at a state university that would no doubt like to enjoin into the action.

      2. Nunyabiznes

        @midcapwarrior

        You do realize this is a Federal court, right? That means it has nothing to do with Texas other than location. The judge was appointed by a president (didn't bother looking up which one) and confirmed by Congress. Generally this is a slam dunk political payback, although the candidates typically look good on paper.

        Texans should look a little closer at their history, specifically 1836-1845, to see how secession would go even if it was not contested by the US. Those were tough times economically, politically and militarily for the Republic.

        1. asdf Silver badge

          > to see how secession would go

          as mentioned before that talk only comes up when oil prices are high (like Scotland too I guess). If oil prices stay high enough long enough to make that a possibility then Texas leaving probably will be only one of our problems.

    10. Robert E A Harvey

      Simpler solution

      Flamethrowers

  2. jonnycando
    Unhappy

    Re stu 18

    Or just put all patent trolls before a firing squad.

    1. Steven Roper

      Re: Re stu 18

      And post the execution on YouTube as an example and warning to other patent trolls...

      1. Anonymous Coward
        Anonymous Coward

        Re: Re stu 18

        Don't put it on YouTube. People might get you confused with a group of kids playing Ninja, and do something stupid about it. :(

      2. Silviu C.

        Re: Re stu 18

        Then the video gets taken down by other trolls, via DMCA takedown :)

      3. caffeine addict Silver badge

        Re: Re stu 18

        I'm afraid I have a patent that covers the "deterring of undesirables (including, but not limited to, trolls, idiots and commentards) using exothermic reactions (literal or metaphorical) and photoelectric or mechanical capture and recall mechanisms". Payment is accepted in non-sequentially numbered barrels of Doombar or Guinness.

    2. a_yank_lurker Silver badge

      Re: Re stu 18

      Or a variation of the American classic of tar and feathers, dousing in kerosene and lit with a match.

      1. zen1

        Re: Re stu 18

        I think public floggings, or to be more specific, caning would be perfectly suitable for punishment of the trolls.

        1. Chris G Silver badge

          Re: Re stu 18

          Personally, I prefer the rodent crontrol methods used in the '60s by certain social groups in London:

          'Nice patent you got there, pity if it got broken. Bigger pity if you was holding it when it got broken.'

          Also, it is quite difficult to turn up in court when your head is nailed to a warehouse floor.

    3. CanadianMacFan

      Re: Re stu 18

      Or patent the process on how to be a patent troll and then sue them.

    4. Chika

      Re: Re stu 18

      Or just put all patent trolls before a firing squad.

      That's just a waste of perfectly good lead. Too quick too, given the long, drawn out torture that patent trolls put people through.

      Hmm... drawn... now there's a thought! Fetch me four horses, some lengths of rope and a sharp blade!

  3. moiety

    "Some people might even call it a "patent troll.""

    Nicely weaselled there, El Reg. Are we not allowed to call people patent trolls anymore? Is "dickheads" still OK?

  4. Chairo

    Some people might even call it a "patent troll"

    Oh, how naughty!

    The problem with patent trolls is, that in the long term they damage the patent system and make it more difficult for inventors to be compensated for their inventions. Certainly the American patent system also has it's problems, but here we have a valid patent that was bought by a troll-like entity that starts shooting around at cat & dog in the hope to monetize. I suppose they aim for out of court settlements, as their claim doesn't sound like it would hold up in court. Anyway - even this example shows that the system is not completely broken. The inventors could sell their patent and got paid. The problem in this case seems rather to be the American court system. A rather big problem, of course.

    1. a_yank_lurker Silver badge

      Re: Some people might even call it a "patent troll"

      Two issues, too many US patents are invalid particularly software patents and the 9 Seniles have not bothered to hammer the low courts for their failure to do their judicial duties. Also, loser pays would help, one big loss by troll and they are done.

      1. Anonymous Coward
        Anonymous Coward

        Re: Some people might even call it a "patent troll"

        Loser pays generally makes no different to a patent troll when it's a shell set up with no assets other than its worthless patent.

        1. Flocke Kroes Silver badge

          Re: Loser shell company evades payment

          Easy: Patent litigators must post a bond along with their first hint that a product might infringe their patent. $1000 per word and $1,000,000 per diagram in the patent should do it.

          The other way to make progress is to say that if patent litigation starts in East Texas, then is all the proof you need that all the patents involved are invalid.

          1. Cynic_999 Silver badge

            Re: Loser shell company evades payment

            "

            Easy: Patent litigators must post a bond along with their first hint that a product might infringe their patent. $1000 per word and $1,000,000 per diagram in the patent should do it.

            "

            OK - so imagine you come up with a fantastic invention (an antigravity device). You use up all your savings and mortgage your house to pay for patents on your fantastic invention.

            Then all the big companies start making anti-gravity machines (having got the idea by reading your excellent patent), but they don't pay you any royalties at all. Unfortunately your suggestion has been implemented and so there is absolutely no way you can afford to do anything to stop them. You die in bitter poverty.

      2. Chairo

        Re: Some people might even call it a "patent troll"

        @ a_yank_lurker

        Yes, too many US patents are trivial, obvious and invalid. However in this particular case the patent itself seems to be valid. In this case the troll's claims are out of focus, as the patent does not really fit to the claim, so the case should be rejected, but this is up to the court to decide.

        As for loser pays - imagine you file a patent for a breakthrough idea. A big company picks it up and says "hey, this a great idea - let's use it and if the sucker wants some money for his idea, tough job - he will never risk to pay the 5 lawyers we are going to put on the case, right?"

        The patent system has two goals: One is to make sure inventors get a fair share, but perhaps even more importantly inventions should be encouraged and spread by publishing them. If any megacorp can rip off any privately owned patent, people would probably stop filing them, right?

        1. Anonymous Coward
          Anonymous Coward

          Re: Some people might even call it a "patent troll"

          " However in this particular case the patent itself seems to be valid"

          You can't patent math & by extension software in the US. The 'lawyers' managed to get in the transformation argument which is what most software battles are based on, but this patent appears to be Math as all software encryption is, therefore how is it valid?

        2. Anonymous Coward
          Anonymous Coward

          Re: Some people might even call it a "patent troll"

          " If any megacorp can rip off any privately owned patent, people would probably stop filing them, right?"

          What makes you think this isn't already happening?

          1. earl grey Silver badge
            Flame

            Re: Some people might even call it a "patent troll"

            Two prime examples:

            Ford - intermittent wipers

            Sears - push-button socket release

            That just scratches the surface...read up on them and see.

    2. Grikath Silver badge

      Re: Some people might even call it a "patent troll"

      A quick look reveals their office is in a lawyers' nest office building, and the actual registering of the llc is done by proxy through Legalinc....

      Any bets the litigating attorney office is actually the owner of the patent, all the way down the line?

  5. Anonymous Coward
    Anonymous Coward

    I'll happily hand over 100% of my website's nett earnings.

    As the site costs me about $100/month to run and earns me nothing, that'll be a nice income stream from this group.

  6. zen1

    Dear rest of the world:

    We think people who pull this kind of crap are scum, too. We can thank the less than sincere promises of torte reform by lawyers in all levels of government.

    1. Mark 85 Silver badge
      Unhappy

      @zen1 -- Re: Dear rest of the world:

      I share your feelings also. And I'm getting tired of having to apologize for idiots I didn't elect.

      Maybe we do need to invoke some Jeffersonian words to the government now and then... "When in the course of human events...." might be a good start.

    2. Pliny the Whiner

      Re: Dear rest of the world:

      Well, yeah, patent trolls are cut from the same piece of tire-flattened shit as telemarketers, spammers, and debt collectors. Out of all the possible ways to make a living, THIS is what you chose? Really? Tell your mother exactly what you do, then ask her if she's proud of you.

      Get a real job. Get a life. And leave the decent people out of your moneymaking fantasies.

    3. Someone Else Silver badge
      Coat

      Re: Dear rest of the world:

      <herring color="red">We can thank the less than sincere promises of torte reform by lawyers in all levels of government.</herring>

    4. Anonymous Coward
      Anonymous Coward

      Re: Dear rest of the world:

      Other parts of the world have similar madness. The worst bit is that the prosecuting party usually is less than timely in stepping up. Rather than keeping an eye on the industry and making themselves known early, they wait until lots of people have bought in, then strike.

      Different industry, and not even IP but rather copyright related, but the same tactic. Back in 1980, the band Men At Work released the song Land Down Under. In 2008, they got sued for copyright infringement because of a flute rift at the start sounded a lot like a 1932 song, "Kookaburra".

      Now this wasn't some song that was just released straight to vinyl and never got played. It was considered an unofficial "anthem", at least on Australian radio stations. It made the top of the charts at the time.

      Yet, they didn't prosecute until nearly 30 years later. To my mind, the horse had well and truly bolted, but that's not how the legal fraternity see it — and in my mind, that is by far the biggest flaw in the legal system, particularly around patents.

      1. zen1

        Re: Dear rest of the world:

        The thing I find so infuriating about the patent trolling problem is that law suits over something as ubiquitous as https would be akin to Rolls suing the rest of the auto industry because of their use of the steering wheel in an automobile, or Lancaster suing other manufacturers for using disc brakes to stop their vehicles. It's a waste of the courts time, a waste of company expenses, which ultimately get passed to the consumer, etc. This shit has to stop!

    5. Michael Wojcik Silver badge

      Re: Dear rest of the world:

      promises of torte reform

      How are you going to reform tortes? Isn't the round shape pretty much ideal for them? Otherwise they might not cook evenly.

  7. Destroy All Monsters Silver badge
    Windows

    Not even a patent

    It sounds more like a "business patent": "Here is a generic idea that allows other people to read your pretend-encrypted stuff without your knowledge or aquiesence: hand over part of your key to a general, hackable registry held by a trusty government." Ha Ha. Now hand over the money.

    It is useful to remember that encryption c.a. 1997 in Amurrikka was about the "Clipper Chip" (government listening in to you encrypted phone conversation). I would hazard a guess that the patent comes from there

    (Other themes of interest back then where: "illegal pornography on the Interwebs", Timmy McVeigh, the Louis Freeh FBI - Louis being a nasty piece of work - and disgusting excesses by Democreeps and Rethuglians alike. All of that seems frankly tame nowadays.)

    1. Roland6 Silver badge

      Re: Not even a patent

      Interesting to see the names absent from the court list...

      Looking at the patent, it can't (surely?) be about the use of HTTPS and ECC, given both predate the patent: HTTPS in 1994 and ECC in 1985. The key parts seem to be about key escrow and hence recovery, so I suspect the link between defendants is that they are using the same third-party library, which in turn begs the question does RFC4492 infringe this patent?

      1. Michael Wojcik Silver badge

        Re: Not even a patent

        it can't (surely?) be about the use of HTTPS and ECC, given both predate the patent

        Or given that the patent has nothing to do with either of them, except incidentally: HTTPS as an application of asymmetric cryptography which could in turn be a possible application of the scheme, and ECC being a source of asymmetric-cryptographic algorithms, the private keys of which could be escrowed under the scheme.

        It's "about" HTTPS and ECC the same way a patent on manufacturing tires would be "about" cars and rubber.

        It's also not about the mathematics involved. It's about a protocol - a mechanical procedure - that happens to use various mathematical constructs in some of its steps, and assigns particular interpretations to the results. But apparently reading patents is a rare skill around here.

  8. Anonymous Coward
    Anonymous Coward

    The Dumbest of the Dumb ...

    ... work in the US Patent Office. They are genetically engineered and specially selected from birth.

    1. Flocke Kroes Silver badge

      Re: The Dumbest of the Dumb ...

      It is worse than that. Many in the lower ranks have brains, but the rules they are required to follow are insane and make them look like the dumbest of the dumb. Imagine if even half those people were doing something constructive instead.

      1. Destroy All Monsters Silver badge

        Re: The Dumbest of the Dumb ...

        WHEATLEY ("You not only are a moron. You were DESIGNED to be a moron") - THE PATENT OFFICE!

  9. msknight Silver badge
    FAIL

    Cough... cough...

    "cough... Gif... cough..."

    1. Anonymous Coward
      Anonymous Coward

      Re: Cough... cough...

      "cough... Jif... cough..."

      1. Chika
        Trollface

        Re: Cough... cough...

        Nasty cough you have there! Sounded like you were trying to insult somebody, or maybe you just want a PBJ. That'll just make it worse!

  10. MrDamage

    So....

    All those people demanding to know why El Reg hasn't gone https by default, now have their answer.

    The Vulture that bites the hand that feeds IT, was protecting itself from the window licking vulture that likes to smear shit on the walls.

  11. Anonymous Coward
    Anonymous Coward

    I want to patent..

    .. a method to annoy patent trolls.

    I'm mainly hoping for an implosion when they acquire that patent.

  12. MJI Silver badge

    It may be a lot cheaper to .......

    Employ a hitman and remove the company.

  13. Anonymous Coward
    Anonymous Coward

    Some people might even call it a "patent troll."

    remarkably prudent comment. So who's going to throw the first REAL stone (Jehovah!)?

    1. Anonymous Coward
      Anonymous Coward

      Re: Some people might even call it a "patent troll."

      ARE THERE LAWYERS HERE TONIGHT?

      1. Chika

        Re: Some people might even call it a "patent troll."

        ARE THERE LAWYERS HERE TONIGHT?

        No, but I see the trolls are up and about.

  14. Public Citizen

    Unfortunately this sort of "legal adventurism" has no downside for the lawyer filing the lawsuit as there is no "looser pays" in US Civil Courts. Because most of the elected legislators are lawyers and the Trial Lawyers Associations are big check writers for the campaign coffers of their pet legislators the system won't change any time soon.

    What needs to happen is for the lawyer, any staff, and any service providers employed by the law firm need to suddenly find themselves on a "service denial" list for any and all organizations they are attempting to shake down through their thinly veiled "trolling".

    If they suddenly found themselves unable to obtain business insurance, personal insurance, access to any online shopping services and required to PAY CASH, with a substantial damage deposit for any lodging, car rental, and etc. they might just decide that there is no money to be made here and a lot of grief will accrue from the attempt to pursue this case.

    I noted that there don't seem to be any Banks on the list, even though banks universally use HTTPS for all online banking services. Perhaps the law firm has already been informed by one or more banks that if they go there they may just find certain online transactions will become very-difficult-if-not-actually-impossible-to-complete?

    I wonder if any of the paperwork for these filings was handled via an HTTPS connection over the internet?

    1. Stephen W Harris

      "I noted that there don't seem to be any Banks on the list" (@Public Citizen)

      Banks have been trolled by Intellectual Vultures^WVentures for SSL/TLS in the past; see "Intellectual Ventures vs Capitol One", "Intellectual Ventures vs Chase" and so on. I believe the Chase one is still ongoing...

      eg http://www.intellectualventures.com/assets_docs/Intellectual_Ventures_-_JPMorgan_Chase_Complaint_2013_1.pdf mentions 7634666 which is, basically, hardware accelerated public key encryption engine, and also 5745574 which appears to be SSL certificate authority stuff.

    2. Chika
      Headmaster

      there is no "looser pays" in US Civil Courts

      There are no tighter pays laws either. Oh, wait! You meant "loser pays", did you?

  15. Anonymous Coward
    Anonymous Coward

    SImplest solutions...

    Make IP non-transferable, only the person/people who actually came up with it can own it. As soon as it is transfered it becomes public domain.

    or

    Require the defendant to show they had used it in a comercial product before the alleged infringing product.

    1. Destroy All Monsters Silver badge
      Holmes

      Re: SImplest solutions...

      I don't even see why this is downvoted.

      Can Andrew vote six times in a row??

  16. Christoph Silver badge

    They might just have bitten off more than they can chew

    This kind of thing usually involves suing lots and lots of smaller firms who can't afford litigation.

    If all the very big firms that they are suing get together to share legal expenses they can drown them in lawyers. They might even be able to push it to a higher court and get a precedent that goes some way to stopping trolling.

    1. Anonymous Coward
      Anonymous Coward

      Re: They might just have bitten off more than they can chew

      We have been here before. (Google "Stambler patents".) The suit is probably on contingency and the defendants typically do not seek invalidation.

  17. Daniel Hall
    Stop

    Here is a suggestion to America

    Stop it with your way of suing everyone every time there is an opportunity.

    This crypto encrypting technology should NOT be owned by ANYONE - It works to secure the people of the internet. How can you sue a company for that?

    In America you sue and get sued REGARDLESS of the outcome to any other parties, even if it means potentially RUINING another company because you lack the common sense needed to stop this turd like behaviour!

    You all need your bloody heads looking at!

    1. Stoneshop Silver badge
      Devil

      Re: Here is a suggestion to America

      You all need your bloody heads looking at!

      ... through the opening that appears when it is separated from the previously-attached body.

      (and you mean "looked at")

    2. Michael Wojcik Silver badge

      Re: Here is a suggestion to America

      This crypto encrypting technology should NOT be owned by ANYONE - It works to secure the people of the internet.

      Try reading the patent. It has nothing to do with "crypto encrypting technology" (assuming we generously read that phrase as meaning anything at all), and it most definitely does not "secure the people of the internet" (assuming that phrase means something).

      For one thing, no one's using the technique described by the patent, and for another, if they were using it, it would reduce their security. By design. That's what it's supposed to do.

      Of course, your broader argument seems to be that if a patent describes something useful and important, then it shouldn't be granted. I think you do not understand the concept of the patent.

  18. Mr Templedene

    The US patent office used to be a government organisation, and although not perfect, took some care not to approve stupid patents or ones with prior art.

    Then they sort of "privatised" it, and it survives only through the payments made to patent something. For some reason or other, they suddenly started approving things that previously wouldn't have got through, making it far easier to get "troll patents"

    Odd that, isn't it?

    1. Anonymous Coward
      Anonymous Coward

      "Then they sort of "privatised" it, and it survives only through the payments made to patent something. For some reason or other, they suddenly started approving things that previously wouldn't have got through, making it far easier to get "troll patents" "

      I was going to mention that but you beat me to it.

      1. Voyna i Mor Silver badge

        I was going to mention that but you beat me to it.

        And so now you can't mention it without paying.

    2. Someone Else Silver badge

      Then they sort of "privatised" it, and it survives only through the payments made to patent something.

      Sort of a microcosm of a prototypical Republican/Libertarian utopia, innit?

      1. Destroy All Monsters Silver badge
        Facepalm

        > Republican/Libertarian

        Using these two in the same sentence outs you as clueless.

        Libertarians would rightfully flush patents down the toilet. Except Randians, but these are really not libertarians. A libertarian would deny to have a need for a "head schoolmaster" to manage "intellectual property".

        As for Rebups. Well.... they support Raython. Enough.

  19. silent_count

    How does the plaintiff know for sure what sort of encryption the defendant(s) use without decrypting traffic, which would be in violation of the DCMA?

    1. Preston Munchensonton

      How does the plaintiff know for sure what sort of encryption the defendant(s) use without decrypting traffic, which would be in violation of the DCMA?

      https://en.wikipedia.org/wiki/Transport_Layer_Security

    2. Stoneshop Silver badge

      Nice try, but you can simply query the server what transport encryption it supports. In fact, that's the first thing that gets done on trying to establish a secure connection, so that the server and the client can agree on one.

  20. earl grey Silver badge
    Thumb Up

    I'll be getting my popcorn

    As soon as i see these idiots try suing Newegg. They don't settle with crap like this.

  21. Pirate Dave
    Pirate

    CryptoPeak

    So is CryptoPeak's CEO named Darl McBribe? This level of stupidity can only be ascribed to a colossal moron of his monumental caliber.

    Google doesn't return much info on the company itself - certainly not a link to CryptoPeak's site. (although I will confess I didn't look too deeply...)

    1. Def Silver badge

      Re: CryptoPeak

      Why would you need a website if your business model only consists of suing anyone and everyone who uses technology from the patents you acquire?

      1. Pirate Dave
        Pirate

        Re: CryptoPeak

        Heh, that's a good point.

  22. Stevie Silver badge

    Bah!

    Well, notwithstanding that this would discourage anyone from using a system designed to help spooks get into one's knickers, might not one answer to these idiotic productive company vs deep-pocketed patent aquisition leeches be to put a bounty up on their company's data (anonymously and "jokingly" of course)?

  23. Boothy

    Why sue the customers/users?

    To use an analogy..

    If Ford borrowed some tech from GM, and this was added to Fords cars.

    Would GM then sue all the people driving those Fords? No, they'd sue Ford.

    So why are software patents treated differently?

    Shouldn't cryptopeak be suing the software companies that added the allegedly infringing functionality to their software, rather than the clients that are just using the software?

    The courts aught to be able to throw these type of requests out, under the guise that the company being sued, is not the author, or the owner of the allegedly infringing software, but just a licensed user.

    PS: Just to be clear, I know why cryptopeak doesn't do this, as those real targets could likely fight back, and smaller companies are more likely to just fold. I'm saying that they shouldn't be able/allowed to sue a user, when all they are doing is using software provided by someone else (and for it's intended purpose).

    1. Def Silver badge

      Re: Why sue the customers/users?

      Then surely by that argument, I as a website owner should be able to sue my web host and certificate providers if they happen to provide me with a service that uses any unlicenced technologies, all web browser manufacturers that implemented said technology without licencing it, any government that mandated and/or recommended the aforementioned technologies, and any credit card processor and/or bank that forces me to use SSL to secure payment processing for any of my customers.

      This whole thing is one massive clusterfuck. (But I think we knew that anyway.) :)

    2. CanadianMacFan

      Re: Why sue the customers/users?

      While I agree with you I don't think AT&T is exactly a smaller company, especially compared to Apache Software Foundation.

  24. I Am Spartacus
    Mushroom

    A comment on lawyers by Mr Al Stewart

    https://www.youtube.com/watch?v=clmfdmSAcNE

    That is all.

  25. Bucky 2

    Remove the Incentive

    If lawyers share the blame for bringing frivolous lawsuits, maybe it would be helpful to remove some of the incentive for them to bring ridiculous lawsuits to court.

    What we don't want to do is allow rich people to victimize poor people by making it too hard for poor people to get decent representation.

    Perhaps requiring a lawyer to only charge for time and materials, and forbid lawyers from receiving payment based on the amount of the settlement might help. They could still work on contingency for poorer folks, still only getting paid if they win, but limit the payment to their usual, non-contingency rate.

    You'd need to keep unscrupulous lawyers from rubber-banding their "usual fee" based on the amount of the claim somehow.

    Just a thought.

  26. chasil

    Removing Elliptic Curve

    It should be possible to remove these ciphers from your TLS configuration. If you consider the current best practice for Apache:

    https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/

    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

    Then removing Elliptic Curve should be as simple as:

    SSLCipherSuite DH+AESGCM:DH+AES256:DH+AES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

    That doesn't seem too difficult, and there is some opinion that this is actually an improvement on security.

    1. Pirate Dave
      Pirate

      Re: Removing Elliptic Curve

      I'm not a security guru, just a network guy, but I thought the SSL cert folks were starting to push ECC as the "next big thing"? At least, I saw it mentioned in an ad on the Symantec site a few weeks ago when I was renewing an SSL cert, so assumed it must be something they were moving towards. And I seem to recall they wanted quite a bit more money for the ECC cert.

      1. Michael Wojcik Silver badge

        Re: Removing Elliptic Curve

        I thought the SSL cert folks were starting to push ECC as the "next big thing"?

        Can open, worms everywhere.

        Here's the short version: Y'need an asymmetric-encryption algorithm for authentication, and possibly for key exchange (though you can use other mechanisms for key exchange). There are currently three families of asymmetric encryption used in TLS: RSA, DSA, and the ECC algorithms.

        DSA is basically only used by the US Federal government. RSA and DSA both require pretty big keys, because (in the best case) they depend on factoring for their strength, and factoring isn't all that hard. And factoring has gotten easier over the past couple of decades; some people worry there will be a breakthrough and it'll get a lot easier.

        ECC asymmetric encryption gets the same equivalent strength with much shorter keys. And the ECC problems are currently harder to brute-force than factoring, and they haven't gotten easier (at least insofar as anyone has published) since they were introduced (except for some special cases that are well-known and everyone avoids).

        From the late '80s until 2001, the NSA seems to have been actually trying to help improve commercial cryptography.1 In the mid-'90s they came out with "Suite B", a set of crypto guidelines.

        Suite B pushed ECC strongly. Of course this raised suspicions for many people, but the arguments in favor of ECC were strong, too. And it meant that ECC has received a lot of scrutiny since.

        For a long time, people have known that the ECC scheme for cryptographic pseudorandom number generation had the unfortunate (for users) aspect that any given set of parameters could have a backdoor. That's not a problem if you generate your own parameters, but if you take them from someone else, you have to trust them. And NIST published a recommended version of that RNG (Dual_EC_DRBG) with a suggested (not mandatory) set of parameters that came from the NSA. That was very likely back-doored. Of course no one used it ... oh, except everyone who used RSA Security's BSAFE software with the default configuration. The $10M payment from the NSA to RSA is probably just a coincidence.

        That scandal fed the ECC skeptics / conspiracy-theorists, who worry that the NSA has backdoors for all ECC. Many experts feel that's rather unlikely, but it's a matter of contention.

        Then, in August of this year, the NSA published a piece that said, hey, everyone should be paying more attention to this "post-quantum cryptography" stuff, and if you haven't moved from RSA to ECC yet, don't bother. This elicited a collective response of "WTF??!" from the community. The NSA clarified its position as "yeah, what we said before".

        So: Does the NSA want people to avoid ECC because it thinks it's broken, or will be soon? Does it want people to avoid ECC because it's too hard for the NSA themselves to break? Is it playing an elaborate prank? We don't know.

        What we do know is that RSA is getting weaker (faster than Moore's-Law growth in computing power), and none of the vaunted post-quantum algorithms are sufficiently well-examined to have much confidence in - and in any case they're not deployed. In many circumstances ECC is the only real choice.

        Also you can get Perfect Forward Security with ECC. You can't do that with RSA key agreement, though you can with DH key agreement and an RSA signature. But again ECDH has advantages over vanilla DH (DH in a binary field).

        Oh, and just recently we have RSA discontinuing the BSAFE product. What does that mean? Not clear - though it means even fewer options for a TLS implementation, particularly if you need FIPS 140-2 validation (generally because you sell to the US Federal government).

        See A Riddle Wrapped in an Enigma for a much better and more detailed discussion.

        1This is really complicated. The NSA has an offensive and defensive remit, because part of its mission is to make what it does harder for everyone else. That's apparently why the NSA hardened DES against differential cryptanalysis (which was then still a secret technique) in the '70s. After the Cold War ended with the fall of the USSR and the US DoC loosened its stance on commercial crypto, the NSA's IAD division under Brian Snow seems to have been legitimately concerned with improving the state of commercial crypto. 2001 changed all that, of course.

        1. Anonymous Coward
          Anonymous Coward

          Re: Removing Elliptic Curve

          Good well-written summary but one nit. I asume that by "DH in a binary field" you meant IF DH (as they say in 1363).

    2. Anonymous Coward
      Anonymous Coward

      Re: Removing Elliptic Curve

      Check out the draft TLS 1.3 before writing anything further.

  27. Anonymous Coward
    Anonymous Coward

    Rule 1 of patents

    Read the claims, ignore anything else that is stated in the summary or elsewhere. Claim 1 is:

    1. A method and apparatus for generating public keys and a proof that the keys were generated by a specific algorithm comprising the steps of:

    the user's system generating a random string of bits based on system parameters;

    the user running a key generation algorithm to get a secret key and public key using the random string and public parameters;

    the user constructing a proof being a string of bits whose public availability does not compromise the secret key and wherein said constructing of said proof requires access to said secret key, but at the same time said proof provides confidence to at least one of a plurality of other entities that said public key was generated properly by the specified algorithm, and wherein said confidence is gained without having access to any portion of said secret key.

    So yes, the patent is likely being infringed by ECC. Yes, there is likely plenty of prior art that covers this, but someone will need to fight it in court and win to get that claim invalidated. Like it or not, that's how patents (and the associated trolls) work.

    1. Anonymous Coward
      Anonymous Coward

      Re: Rule 1 of patents

      No, it isn't.

      I quote a lawyer in a recent meeting about a patent infringement case:

      "It doesn't matter whether the patent is valid or not. Pay up."

      1. Anonymous Coward
        Anonymous Coward

        Re: Rule 1 of patents

        Validity is a legal state, regardless of its perceived worth or the amount of prejudicial prior art. (In the US, only the USPTO or the courts can invalidate a patent.)

    2. Michael Wojcik Silver badge

      Re: Rule 1 of patents

      So yes, the patent is likely being infringed by ECC.

      I disagree. IANAL, but the key aspect of claim 1, and the patent as a whole, is "and a proof that the keys were generated by a specific algorithm". That is, the invention is specifically and solely the proof-of-escrow mechanism, whereby anyone can verify that a given public key was created "properly", and so the private key was escrowed.

      The patent explicitly notes that the invention can be implemented with a variety of asymmetric-key mechanisms.

  28. RobThBay

    I thought BlackBerry owned ECC Patent

    According to this info, BlackBerry now owns the ECC patent (or am I missing something).

    http://jeffreycarr.blogspot.ca/2014/01/guess-who-owns-patent-to-rsas-backdoor.html

    And an older article

    http://n4bb.com/blackberrys-potential-biggest-patent-asset-elliptic-curve-cryptography/

    1. Anonymous Coward
      Anonymous Coward

      Re: I thought BlackBerry owned ECC Patent

      There is more than one ECC patent in the world.

    2. Michael Wojcik Silver badge

      Re: I thought BlackBerry owned ECC Patent

      This patent has nothing to do with ECC. The new owners are pretending it does in the hope of coaxing some settlements out of deep-pocketed defendants.

  29. DanielR

    PATENT TROLLS ARE HOPELESS AND THIS IS HOW THEY TRY AND MAKE THEIR MONEY. THEY ARE LUDDITE. I HOPE THEY GET COUNTER SUED FOR WASTING TIME.

    1. MrDamage
      Meh

      *wipes face*

      I actually felt spittle hitting me in the face after reading that. Please stop shouting.

    2. Chika
      Holmes

      OWWW!!! My eyedrums!

      1. Destroy All Monsters Silver badge

        HEAR! HEAR!!

  30. Anonymous Coward
    Anonymous Coward

    Very convenient

    This case looks very convenient for those who want to stop the general public using strong encryption. Am I being too cynical?

    1. Michael Wojcik Silver badge

      Re: Very convenient

      It's no more convenient for that purpose than any number of other patent-troll attempts to extort money for the use of common cryptographic algorithms. I don't see any reason to assume a conspiracy here. Normal mendacity is adequate.

      Even if any of these suits are successful (which seems unlikely to me, even in East Texas), folks could just drop back to the RSA suites.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019