[1488] in cryptography@c2.net mail archive
Re: Netscape SSL Patent
daemon@ATHENA.MIT.EDU (Marc Horowitz)
Mon Sep 15 14:26:30 1997
To: David Jablon <dpj@world.std.com>
Cc: 3umoelle@informatik.uni-hamburg.de (Ulf Möller),
cryptography@c2.net
From: Marc Horowitz <marc@cygnus.com>
Date: 15 Sep 1997 01:23:27 -0400
In-Reply-To: David Jablon's message of Fri, 12 Sep 1997 10:11:44 -0400

David Jablon <dpj@world.std.com> writes:
>> FILED: Aug. 25, 1995
>>
>> 3. A method of encrypting and decrypting information
>> transferred over a network between a client application
>> program running in a client computer and a server application
>> program running in a server computer, the method comprising:
>>
>> providing a socket application program interface
>> to an application layer program;
>> [*] providing encrypted information to transport protocol
>> layer services;
>> encrypting information received from an application
>> layer program; and
>> decrypting information received from transport protocol
>> layer services.

Together, IPSEC (including ancestral and related technology, such as
swIPe and SKIP, which all provide a socket API), and the GSSAPI
enhanced ONC RPC (which sits between the transport and application
layers) seem to provide prior art for all the claims in this patent.
I'm not sure when SOCKS came about, but it would seem to be prior art
all by itself.

>> Presuming that Netscape intends to enforce this, and
>> that others might want to challenge it, to survive it
>> must be novel over newly cited prior art. The main thing
>> that makes it potentially different than many other
>> encrypted transport layers is the phrase I marked with a [*].
>>
>> It might only take one good example of earlier work that
>> used any kind of encrypted data to control the
>> transport layer to invalidate this.

I'm not exactly sure what this phrase means. I think it means
"passing ciphertext to a transport layer" (I don't see where "control"
comes in here). This seems to describe pretty much every network
security system I know of: you have to get the ciphertext out for it
to do any good. Why do you think this is novel?

Legal question: at what granularity does this stuff work? If I write
a program which only does a subset of the items listed in a claim, is
it infringing? Similarly, if I have prior art for a subset of the
listed items, is that grounds to invalidate the entire claim?

Marc