[1470] in cryptography@c2.net mail archive

Re: Netscape SSL Patent

daemon@ATHENA.MIT.EDU (David Jablon)
Fri Sep 12 12:13:46 1997

Date: Fri, 12 Sep 1997 10:11:44 -0400
To: 3umoelle@informatik.uni-hamburg.de (Ulf Möller),
        cryptography@c2.net
From: David Jablon <dpj@world.std.com>
In-Reply-To: <9709111741.AA16992@public.uni-hamburg.de>

At 07:41 PM 9/11/97 +0200, Ulf Möller wrote:
>----- Forwarded message from Dan Park -----
>Craig R.P. Heath wrote:
>>
>> I don't know how many people are aware of this, but Netscape have
>> just been granted a patent on SSL - US Patent number 5,657,390.

Interesting.

The claims potentially cover much more than SSL.
Here's some more information, plus a two-minute analysis.

	5657390:   Secure socket layer application program
	               apparatus and method
	INVENTORS: Elgamal; Taher, Palo Alto, CA
	           Hickman; Kipp E. B., Los Altos, CA
	ASSIGNEES: Netscape Communications Corporation, Mountain View, CA
	ISSUED:    Aug. 12, 1997
	FILED:     Aug. 25, 1995

There are three independent claims, which seem to be restatements
of the same thing.  Here's the shortest version:

	3. A method of encrypting and decrypting information
	transferred over a network between a client application
	program running in a client computer and a server application
	program running in a server computer, the method comprising:

		providing a socket application program interface
			to an application layer program;
 [*]		providing encrypted information to transport protocol
			layer services;
		encrypting information received from an application
		    layer program; and
		decrypting information received from transport protocol
			layer services.

Presuming that Netscape intends to enforce this, and
that others might want to challenge it, to survive it
must be novel over newly cited prior art.  The main thing
that makes it potentially different than many other
encrypted transport layers is the phrase I marked with a [*].

It might only take one good example of earlier work that
used any kind of encrypted data to control the
transport layer to invalidate this.
A big weakness here is that there are no narrower claims.
The "encrypted information" is nowhere limited to
being digitally signed, so purely symmetric techniques
are relevant.

------------------------------------
David Jablon
Integrity Sciences, Inc.
dpj@world.std.com
<http://world.std.com/~dpj/>

