FYI patent application 20010055396
Paul Holman
pablos@kadrevis.com
Sat Jan 5 10:27:02 2002
I believe David Jevans works for Valicert.
This patent application certainly has some disturbing claims. Many of
which should be easily disputed as PGP could stand for prior art.
Especially trying to claim the basics of using multiple keys, and then
encroaching upon what sounds like threshold crypto or Blakely-Shamir "k
of n" keysplitting. Relaying keys off a server is hardly novel. Being
able to send additional decryption keys (coincidental acronym?) to the
server might come off as seeming handy, but it is probably pointless.
Technically, I could do that now with S/MIME.
Also, the patent application seems a bit immature to me. Why would you
explicitly and separately claim that symmetric and asymmetric cyphers
are covered? Nobody uses asymmetric cyphers to encrypt messages, just
keys. They're too slow. Maybe he thinks that will change.
Then again, if all this can be done in GPG, why don't we encrypt this
list?
pablos.
On Friday, January 4, 2002, at 09:11 PM, Newton Hammet wrote:
>
> Hello Gnupg Users and Developers,
>
> I was doing some research in software encryption patent applications
> and came across the following item:
>
>
> ------------------------------------------------------------------------
> United States Patent Application
> 20010055396
> Kind Code
> A1
> Jevans, David December 27,
> 2001
>
> ------------------------------------------------------------------------
> Mechanism for efficient private bulk messaging
>
> Abstract
>
> Secure bulk messaging mechanism in which, roughly described, a sender
> first
> encrypts a message once. The message can be decrypted with a message
> decryption key. These can be symmetric or asymmetric keys. For each
> recipient, the sender then encrypts the message decryption key with the
> recipient's public key. The sender then sends the encrypted message and
> the
> encrypted message decryption keys to a store-and-forward server.
> Subsequently, one or more recipients connect to the server and retrieve
> the
> encrypted message and the message encryption key that has been encrypted
> with the recipient's public key. Alternatively, the server can forward
> these
> items to each individual recipient. The recipient then decrypts the
> encrypted message decryption key with the recipient's private key,
> resulting
> in an un-encrypted message decryption key. The recipient then decrypts
> the
> message using the un-encrypted message decryption key.
>
> The details of this patent application have been attached as a text file
> to
> this email.
>
> I believe that gnupg is already using this or a very similar process
> (multiple public-key encryptions of the same symmetric key, each as a
> packet, followed by the file that has been encrypted by said symmetric
> key
> thus allowing for bulk-style secure delivery of an encrypted message to
> several recipients each having a public key and secret key to match one
> of the public-key-encryption-of-symmetric-key packets).
>
> I know a little bit about cryptography and far less about legal issues
> raised
> here, and whether or not the patent description actually covers the
> process
> that gnupg-1.0.6 is already using. And also it is only a patent
> application,
> not a granted patent. Don't know if FSF has some legal eagles that can
> take a look at this or already know about this.
>
> The webpage I searched was: http://www.uspto.gov/patft/index.html
>
> GNU, Crypto Guru's, and/or interested parties are invited to 1) discuss
> and/or 2) correct me for any apparent misconceptions demonstrated here.
>
> Regards, Newton
>
> --
>
> Information, Knowledge, and Wisdom
>
--
Paul Holman
Kadrevian Nonlinear Accelerator
pablos@kadrevis.com
415.420.3806