[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: patent issues on keyed MD5?
smb@research.att.com says:
> Folks, we may have a patent issue to contend with. Novell was recently
> issued U.S. patent number 5,349,642 (my thanks to Tim Farley for posting
> this information to alt.security and comp.security.misc); it appears to
> cover the notion of message authentication via a key cryptographic hash
> function. The patent was filed on 11/03/1992 and issued on 9/20/1994.
>
> There may be a question of priority. Tsudik's paper describing keyed
> hash functions was presented at a conference in May 1992, according to
> the Postscript copy I have. But I don't know who came up with the idea
> first, and the U.S. is a first-to-invent country. Nor do I know when
> the notion was first used for NTP or SNMP authentication.
My feeling is that this is Yet Another Bad Patent. I heard about the
notion well in advance of May 1992 -- I'm almost certain that it was
discussed informally in the advanced cryptography seminar I was a part
of in 1991, although I have yet to find my notes, and certainly the
notion has been floating around as long as the notion of cryptographic
hash functions has.
If we were to give in on this, we'd also have to give in to that !#@%
who claims that he has a patent on networks in general (still being
litigated in spite of the obvious prior art) and the !@#$%# who claims
he has a patent on client-server computing, and all the others. The X
Consortium long ago adopted a policy of ignoring such stuff -- they've
never given in on the bogus AT&T backing store patent or the XOR
patent -- and I, for one, intend to ignore this patent, too. If Novell
bothers me, they can talk to my lawyers. Its one thing if a patent is
halfway legitimate, but its another if it was granted on an obvious
notion that there was substantial prior art for.
Perry
References: