W3C home > Mailing lists > Public > public-xmlsec@w3.org > February 2009

Fw: ECC IPR - Certicom FAQ

From: Bruce Rich <brich@us.ibm.com>
Date: Tue, 10 Feb 2009 09:26:33 -0600
To: public-xmlsec@w3.org
Message-ID: <OF37BA734A.24072961-ON86257559.0054B3B8-86257559.0054D490@us.ibm.com>
<IANAL>
Some excerpts have been posted recently from a document on the Certicom 
website (
http://www.certicom.com/images/pdfs/FAQ-TheNSAECCLicenseAgreement.pdf) 
that talks about ECC.

Although the link is very useful, one needs to treat excerpting very 
carefully, as it may lead to an overly optimistic conclusion.

Without pretending to be a legal expert, I would point out several omitted 
excerpts that may constrict one's freedom of action (and now I'm doing the 
dangerous excerpting...  :-):

6. How do the NSA and Certicom define the Field of Use? 
Directly from our agreement with the NSA: 
“Field of Use” means the technology and methods necessary to implement in 
either an NSA Approved Product or a product for national security 
compliant with FIPS 140-2 or its successors the Licensed Patents and 
Patent Applications with elliptic curves over GF(p) where p is a prime 
number greater than 2255. 

7. What is an “NSA Approved Product?” 
Directly from our agreement with the NSA: 
“NSA Approved Product” means a product that is approved by the NSA for use 
by either: 
1. US Government agencies for protecting classified information, mission 
critical national security information or for protecting information under 
10 USC 2315; 
2. State and Local Government agencies for protecting classified 
information, mission critical national security information or for 
protecting information under 10 USC 2315; or 
3. Foreign Government agencies for protecting classified information or 
mission critical national security information where interoperability with 
US entities using an NSA approved product is a possibility or the 
aforementioned information originated in the US Federal, State or Local 
Government.

8. What sublicensing rights does the NSA have? 
The NSA has the right to grant sublicenses to the 26 licensed patents in 
the limited field of use defined above.

9. What does the NSA intend to do with the right to sublicense? 
We believe the NSA is interested in the proliferation of the technology. 
To that end, the NSA is granting a royalty free sub-license to 
manufactures who implement this technology into their products to address 
the Government’s needs. Note that Certicom can grant the exact same rights 
if the manufacture wishes to obtain the license from the original patent 
holders. Certicom retains ownership of all 26 patents. 

10. What does it mean to have NSA approval? 
It means that the product has been evaluated and approved for use by the 
NSA. The NSA has their own evaluation team in place to validate security 
implementations primarily for department of defense applications.

...

12. What kind of product can I license this technology for? 
As stated in our contract with the NSA, you can license this technology 
for products that fit the field of use definition “…either an NSA Approved 
Product or a product for national security compliant with FIPS 140-2 or 
its successors…”

...

19. What commercial terms do I get from the NSA? 
You get the right to use the 26 patents within the field of use defined 
above. Currently, the NSA and Certicom offer these rights under a royalty 
free license. 

What I don't see in this document is any proviso for either unlicensed 
usage or for usage outside the prescribed field of use.
</IANAL>

Bruce A Rich
brich at-sign us dot ibm dot com

Received on Tuesday, 10 February 2009 15:27:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:57 GMT