Hello,
Here are a few comments on the discussion of Certicom's patents and some
ideas on how to possibly create new licensing approaches to support
"non-commercial" OpenPGP implementations.
First, on Rich Ankney's and Uri's comments:
ECDSA in particular is not patented.
Certicom has patents filed that cover aspects of ECDSA.
Certicom has patented various
hardware tricks to implement EC over GF(2^m).
Only a few "tricks" are patented for hardware and GF(2^m). Most cover EC
and public key mechanisms in general. More EC patents from Certicom seem
to cover GF(p) than GF(2^m). It does seem that many implementors are
moving to GF(p) based on the perception that Certicom has more patents in
2^m. This is not a good reason to move to GF(p). GF(p) is better on
"larger" processors and GF(2^m) is better on 8-bit processors.
Certicom also has
a patent on the MQV variant of Diffie-Hellman which can be used over
EC, but has granted a royalty-free license for its use.
No. MQV is not royalty free as far as I know ...
For example,
it is my understanding that their Point Compression is covered
regardless of whether you burn it in silicon or not.
Yes. Certicom has filed a fairly broad patent on point compression
techniques.
In fact,
it was my understanding that Certicom was planning to release
a software library (a-la BSAFE) that one would buy to add EC
capabilities to his product (and to become a "legal" licensee).
Yes, Certicom sells toolkit products for a wide variety of platforms
including MS CSPs and CDSA CSPs.
Likewise, I'm aware of "$1 per copy maximum license fee" message from
Certicom, but haven't heard of ANY "royalty-free" offer or license.
Care to amplify?
Yes, Certicom provides very reasonable licensing of the technology. To
date there is no "royalty-free" offer. Certicom's patents cover a wide
variety of ECC and public key mechanisms. The company has worked very hard
to avoid the licensing models of other companies with public key patents.
They have largely stressed the benefits of their implementations over the
necessity to license patents.
Certicom is considering creating a "non-commercial use" license that would
promote the wider fielding of ECC technology. Certicom's broad range of
patents on ECC might limit the adoption of ECC technology in applications
like OpenPGP. A "non-commercial use" licenses would be introduced to
promote research and implementation of ECC technology. This would cover
most personal usage of OpenPGP.
Your comments on approaches to such a license would be appreciated.
Regards,
Paul A. Lambert
Director of Technical Marketing
Certicom Corp.
San Mateo, CA
+1-650-312-7996
______
Uri Blumenthal <uri(_at_)watson(_dot_)ibm(_dot_)com> on 05/05/98 11:01:34 AM
Please respond to uri(_at_)watson(_dot_)ibm(_dot_)com
To: rankney(_at_)erols(_dot_)com (Rich Ankney)
cc: ietf-open-pgp(_at_)imc(_dot_)org (bcc: Paul Lambert/Certicom)
Subject: Re: Subject: Re: Legal issues in implementing OpenPGP
Rich Ankney says:
ECDSA in particular is not patented. Certicom has patented various
hardware tricks to implement EC over GF(2^m). Certicom also has
a patent on the MQV variant of Diffie-Hellman which can be used over
EC, but has granted a royalty-free license for its use.
I do NOT think Certicom patents are limited to hardware. For example,
it is my understanding that their Point Compression is covered
regardless of whether you burn it in silicon or not. In fact,
it was my understanding that Certicom was planning to release
a software library (a-la BSAFE) that one would buy to add EC
capabilities to his product (and to become a "legal" licensee).
Doesn't look like hardware trick to me.
Likewise, I'm aware of "$1 per copy maximum license fee" message from
Certicom, but haven't heard of ANY "royalty-free" offer or license.
Care to amplify?
--
Regards,
Uri uri(_at_)watson(_dot_)ibm(_dot_)com
-=-=-=-=-=-=-
<Disclaimer>