ietf-openpgp

Re: new patent app conflicts with pgp

2002-01-08 07:02:50


On Sat, Jan 05, 2002 at 01:53:09PM -0500, John Kane wrote:

Someone has applied for a US patent on the technique of
using a symmetric session key on a document, and then using
multiple public keys to encrypt the session key to multiple
recipients

I forwarded the message with the url to a patent attorney who also happens
to be an avid pgp/gpg user, and on several of the pgp mailing lists, {but
not this one}, and am listing his response below:

Vedaal, please forward this message to the IETF list and anywhere else you
think appropriate.

Below are some facts to ponder. As a patent agent registered to practice
before the U.S. Patent Office, I do advise clients about patentability of
their inventions. Indeed, if a client came to me with this pending
application, I would be in a position to counsel him or her as to whether I
thought it wise to pursue it. However, I do not provide such advice to
anyone but a client in a professional relationship (see disclaimer), so the
legal conclusions of these facts are left to the reader or his or her legal
counsel. Also, please note that the scope of my practice does *not* extend
to analyzing the effect of issued patents, as that is a matter before the
courts and not the Patent Office.

Now on to the facts...

[A]  The independent claims of the Jevans application, as published, are
copied below. All other published claims are dependent on one of these two,
and are thus no broader in scope than these two. I've broken claim 1 into
sections for easier reading.

1. A method for transmitting a message, comprising the steps of
- encrypting said message to develop an encrypted message,
- said encrypted message being decryptable using a first decryption key;
- encrypting said first decryption key with encryption keys of a plurality
of target recipients, to develop a plurality of encrypted decryption keys;
and
- transmitting said encrypted message and said encrypted decryption keys
to said target recipients.

22. Apparatus including at least one computer readable storage medium, said
apparatus carrying data comprising: an encrypted message, said encrypted
message being decryptable using a first decryption key; and a plurality of
encrypted decryption keys stored in conjunction with said encrypted
message, each of said encrypted decryption keys including said first
decryption key encrypted with an encryption key of a respective target
recipient of said message.


[B] The application claims priority of a provisional application filed Feb.
24, 2000. Assuming that provisional application fully supports the pending
claims (and that shouldn't be taken for granted), any patent or "printed
publication" that (1) was available to the interested public more than one
year before the provisional's filing date, i.e., before Feb. 24, 1999, and
(2) "discloses, either expressly or inherently, all of the limitations
[i.e., elements] of the claim[s]" would anticipate the claims and render
them unpatentable.

Note that the definition of "printed publication" likely includes RFCs,
which are easily found on any search engine and are publicly available
(i.e., "Distribution of this memo is unlimited").

Even if a reference does not disclose all limitations of a claim, a claim
can be rejected as obvious over a reference or combination of references,
coupled with a clear suggestion in the art (prior published literature,
patents, etc.) that the reference(s) can or should be combined or modified
to arrive at the claimed invention.


[C] According to a web page I located, RFC1991 was published August 1996
and includes the following text:

"A pgp file consists of three components: a message component, a signature
(optional), and a session key component (optional)." [5.2]

. . .

"The session key component includes the encrypted session key and the
identifier of the recipients public key used by the sender to encrypt the
session key. The session key component consists of a single
public-key-encrypted packet for each recipient of the message." [5.2.3]


[D] According to another web page I located, RFC2440 was published November
1998 and includes the following text:

   A Public-Key Encrypted Session Key packet holds the session key used
   to encrypt a message. Zero or more Encrypted Session Key packets
   (either Public-Key or Symmetric-Key) may precede a Symmetrically
   Encrypted Data Packet, which holds an encrypted message.  The message
   is encrypted with the session key, and the session key is itself
   encrypted and stored in the Encrypted Session Key packet(s).  The
   Symmetrically Encrypted Data Packet is preceded by one Public-Key
   Encrypted Session Key packet for each OpenPGP key to which the
   message is encrypted.  The recipient of the message finds a session
   key that is encrypted to their public key, decrypts the session key,
   and then uses the session key to decrypt the message.

. . .

   Note that when an implementation forms several PKESKs with one
   session key, forming a message that can be decrypted by several keys,
   the implementation MUST make new PKCS-1 padding for each key.

   An implementation MAY accept or use a Key ID of zero as a "wild card"
   or "speculative" Key ID. In this case, the receiving implementation
   would try all available private keys, checking for a valid decrypted
   session key. This format helps reduce traffic analysis of messages.
[5.1]


[E] During pendency of their applications, a patent applicant and his or
her representatives are legally bound to disclose to the Patent Examiner
any materials they consider "material to patentability" of the application.
This includes materials sent to them from third parties after they have
filed (and published) the application. Sometimes the submitted materials
are devastating, and the application goes abandoned. Other times submitting
the materials actually winds up helping strengthen the eventual patent
because the Examiner considered the worst "prior art" and still allowed the
claims to issue -- there's a presumption that the Examiner did his or her
job correctly. So don't try this at home, at least not without specific
professional advice.


I hope this info provides some illumination for your continued discussions.
I don't subscribe to the list, so feel free to CC: me if you wish.

Ed Suominen
Registered Patent Agent (http://eepatents.com)
Independent Inventor of Electrical Engineering Technology
U.S. Patents 5,926,513; 5,937,341*; 6,052,748*;
   6,069,913; additional patents pending*  (*Available for licensing)
< Nothing in this message is to be construed as legal advice or
   the opinion of my firm or any client. >


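The packet layout described in the RFC 2440 text quoted under [D], as an added example that is not part of the original message or of any PGP implementation: Python code that walks an OpenPGP packet stream and lists the Key ID of each Public-Key Encrypted Session Key packet preceding the Symmetrically Encrypted Data packet, including the "wild card" Key ID of zero. The function names and the sample bytes are constructed for illustration; header parsing follows RFC 2440 section 4.2, and partial body lengths are rejected rather than handled.

```python
PKESK, SED = 1, 9                  # packet tags defined in RFC 2440
WILDCARD = "00" * 8                # "wild card" / "speculative" Key ID of zero

def read_packets(data):
    """Yield (tag, body) for each packet in an RFC 2440 packet stream."""
    i = 0
    while i < len(data):
        ctb = data[i]; i += 1
        if not ctb & 0x80:
            raise ValueError("not a packet tag octet")
        if ctb & 0x40:                              # new-format header
            tag, o1 = ctb & 0x3F, data[i]; i += 1
            if o1 < 192:
                length = o1
            elif o1 < 224:
                length = ((o1 - 192) << 8) + data[i] + 192; i += 1
            elif o1 == 255:
                length = int.from_bytes(data[i:i + 4], "big"); i += 4
            else:
                raise ValueError("partial body lengths not handled")
        else:                                       # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            n = 0 if ltype == 3 else 1 << ltype     # type 3: runs to end of data
            length = int.from_bytes(data[i:i + n], "big") if n else len(data) - i
            i += n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def recipient_key_ids(data):
    """Key IDs of the PKESK packets that precede the encrypted data packet."""
    ids = []
    for tag, body in read_packets(data):
        if tag == SED:
            break
        if tag == PKESK:
            if len(body) < 10 or body[0] not in (2, 3):
                raise ValueError("malformed PKESK packet")
            ids.append(body[1:9].hex().upper())     # octets 1..8 hold the Key ID
    return ids

# Constructed sample (illustrative names and bytes): three PKESK packets, then data.
def sample_pkesk(key_id, ctb=b"\x84"):  # version 3, Key ID, RSA (1), dummy 16-bit MPI
    body = b"\x03" + bytes.fromhex(key_id) + b"\x01\x00\x10\xab\xcd"
    return ctb + bytes([len(body)]) + body
SAMPLE = (sample_pkesk("1122334455667788") + sample_pkesk("AABBCCDDEEFF0011", b"\xc1")
          + sample_pkesk(WILDCARD) + b"\xa4\x04\xde\xad\xbe\xef")
```

Calling `recipient_key_ids(SAMPLE)` returns one Key ID per recipient packet; an entry equal to `WILDCARD` identifies no recipient, so a receiver has to try every private key it holds.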

