Thanks a lot for the responses.
Bill, I agree with you that the use of ECC is really matters here, the area
where Certicom holds ECC patents. One of our application with respect to ECC
that are planning to use ECDSA (Elliptic Curve DSA) signature based certificate
generation/verification, signature generation/verification. Meanwhile I talked
to one of the sales guy from Certicom, and he is saying that one of certicom
patents is related to ECDSA and he said if I want to do ECDSA from OpenSSL,
then I need to get license.I am not sure whether that information is correct or
not.
The OpenSSL does not say anyword about the EC/ECDSA usage and its patents
information in Certicom. The only thing I got about that is that Sun has
donated the EC code to OpenSSL.
If OpenSSL users are really violating the Certicom patents then if users need
to be aware of that, then it is better that OpenSSL tell some information about
it in the release notes. Or May be that OpenSSL EC implementation does not
violate any certicom patents and that's why OpenSSL is not mentioning? Could
somebody has any insight in it?
Thanks again.
Best Regards,
Anil
Bill Colvin <[EMAIL PROTECTED]> wrote:
v\:* {behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);} .shape {behavior:url(#default#VML);}
st1\:*{behavior:url(#default#ieooui) }I would characterize the
Certicom patents as falling into 3 main categories:
1) patents relating to the use of ECC in very specific application
circumstances
This represents the bulk of Certicom patents. For these patents you will have
to do your own research as they are dependent on you application and have
nothing to do with OpenSSL.
2) patents that improve the performance of the underlying mathematics
For these patents, it would be difficult to say if the developers who
implemented the underlying math algorithms happened to implement a patented
Certicom technique. However, unless they were actually using the patent docs
during implementation, I doubt that this would be the case.
3) patents on ECC techniques
Now these are the ones you can find in the implementation of OpenSSL. There
are two main ones here point compression and MQV. Point compression reduces
the size of an ECC public key, but ECC keys are much smaller than RSA keys even
without it, so this one can be avoided. MQV is a key exchange technique. It
also can be avoided by using ECDH.
NSA licensed 26 Certicom patents (which includes MQV and point compression)
for use in government applications with prime modulus curves greater than 255.
This is a good Q&A on the details of this license
http://www.certicom.ca/download/aid-501/FAQ-The%20NSA%20ECC%20License%20Agreement.pdf
NSA did not license all of Certicoms patents, only a subset for use in a
limited field of use.
Bill
-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anilkumar
Bollineni
Sent: January 10, 2008 2:12 PM
To: openssl-users@openssl.org
Subject: About ECC patent and OpenSSL ECC code
Hi there,
I have a question on OpenSSL ECC (Elliptic Curve Cryptography) code. I saw
that Sun systems has donated the the ECCcode to OpenSSL. Also I saw that
Certicom has held 130 patents in ECC area and finally NSA has licensed that
code.
Suppose if I download the code from the OpenSSL and try to develop a
product using the OpenSSL ECC code, does it violate any patent issue with
certicom?
Can anybody share any experience or information about this?
Thanks for support.
-Anil
-
Never miss a thing. Make Yahoo your homepage.
