[FYI] Electronic filing of European patent applications and subsequent documents

[PA Axel H Horns]

[I would be interested on any comments on the issue whether or not 
this technical concept is really *sound* from computer security view; 
see the spec link indicated below.   --AHH]


http://www.european-patent-office.org/epo/president/e/2000_12_07_e.htm

-- CUT ---

Decision of the President of the European Patent Office dated 7 
December 2000 on the electronic filing of European patent 
applications and subsequent documents  

The President of the European Patent Office (EPO), having regard to 
Rules 24(1), 27a, 35(2), 36(5), 77(2)(d) and 101 EPC, having regard 
to the basic requirements to be fulfilled by any electronic record, 
namely 

(a) authenticity - ie confirmation that a document is what it 
purports to be, and was authored by the person who purports to have 
done so, 

(b) integrity - ie consistency of the data and, in particular, 
detecting and preventing its unauthorised alteration or destruction, 

(c) confidentiality - ie ensuring that a document's existence or 
content is not disclosed to unauthorised persons, and 

(d) non-repudiation - ie ensuring that the sender (with the 
recipient's co-operation) has reliable evidence that the data has 
been delivered, and that the recipient has reliable evidence of the 
identity of the sender, so that neither party can successfully deny 
sending or receiving the data and a third party can verify its 
integrity and origin,  

having regard to the basic standards of electronic records 
management, namely that  

[...]

Article 17 Entry into force  

This decision shall enter into force on 8 December 2000.  

Done at Munich, 7 December 2000.  

Ingo KOBER President  

-- CUT ---

For the gory technical details, see

http://db1.european-patent-office.org/dwl/epoline/epo-olf-standard.pdf

Re: migration paradigm (was: Is PGP broken?)

[Peter Fairbrother]

on 6/12/00 9:43 pm, Rick Smith at Secure Computing at
[snip]
>> "My name is Ozymandias, king of kings:
>> Look upon my works, ye Mighty, and despair!"
> 
> So the 'new dictonary' for pass phrase attacks contains all the chestnuts
> from all the school lit books in the country. I expect there's a lot of
> overlap in their choices. As Arnold pointed out, maybe 1.33 bits is an
> overestimation.

In WW2 SOE and OSS used original poems which were often pornographic. See
"Between Silk and Cyanide" by Leo Marks for a harrowing account.

Peter

IBM press release - encryption and authentication

[P.J. Ponder]

from: http://www.ibm.com/news/2000/11/30.phtml

IBM develops algorithm that encrypts and authenticates simultaneously 

IBM has developed an important step to faster and more efficient security
for e-business -- a new algorithm that simultaneously encrypts and
authenticates information.

Previous approaches to ensuring secure communications required performing
encryption and authentication in separate steps. The new algorithm,
invented by IBM researcher Charanjit Jutla, accomplishes the same tasks as
the previous techniques in about half the time.

Equally important, the new algorithm can be even more effective on
highly-parallel systems. Previous schemes couldn't take full advantage of
the parallel processing capabilities offered by modern hardware.
< . . . . >