W3C home > Mailing lists > Public > public-xmlsec@w3.org > February 2009

ECC IPR - Certicom FAQ

From: Miller, Rob <RDMILLER@mitre.org>
Date: Fri, 6 Feb 2009 14:28:19 -0500
To: XMLSec WG XMLSec W3C <public-xmlsec@w3.org>
Message-ID: <70189427BD8CE046B781F28D29C21AEE0A81C3DBB6@IMCMBX4.MITRE.ORG>
I found an FAQ on the Certicom website regarding the NSA Licenses of Certicom IPR. In the 4 items excerpted below Certicom makes claims that ECC can be implemented without their patents and that open source implementations of Suite B may be Royalty Free. They suggest contacting Certicom to find out if the implementation is Royalty Free. I will contact them about OpenSSL.

Rob Miller

 FAQ: The National Security Agency's ECC License Agreement with Certicom Corp.
Source: The Certicom website: http://www.certicom.com/images/pdfs/FAQ-TheNSAECCLicenseAgreement.pdf

58. Does Certicom have any fundamental ECC patents?
We believe we have some of the very best implementation and security patents around ECC. That doesn't mean that you can't implement ECC without Certicom. It simply means that we believe we have patents on the best ways of implementing ECC.

64. Does Certicom have a monopoly on ECC?
No. Certicom does not own ECC, nor does it have a monopoly. ECC is available in the public form and has been specified by many standards. Certicom does have the largest patent portfolio covering this area of cryptography with protocol, security and implementation patents.

66. Can I use open source code that might be available to implement ECC?
Yes provided it does not infringe Certicom's patents. The OEM/ISV should contact Certicom first and ask if the open source implementation in question does infringe Certicom intellectual property. Certicom will look at the open source implementation and let you know of any issues. In addition to intellectual property concerns, there may be more efficient or stronger implementations available from Certicom than can be found with open source.

71. Can I use open source to implement Suite B?
If you want to use open source to implement Suite B then you should check with Certicom. There may be patents that open source infringes outside those licensed by the NSA, for example implementation patents, as well as security holes or inefficient implementations in that software. Certicom can tell you.
Received on Friday, 6 February 2009 19:28:59 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:55:10 UTC