Tech Insider					     Technology and Trends

			      USENET Archives

Path: gmdzi!unido!mcsun!uunet!wuarchive!!!sharkey!msuinfo!news
From: (Mark Riordan)
Newsgroups: sci.crypt
Subject: Conversation with RSA Data Security
Message-ID: <>
Date: 6 Sep 90 15:04:57 GMT
Organization: Michigan State University
Lines: 75
Posted: Thu Sep  6 16:04:57 1990

Yesterday I had a phone conversation with Burt Kaliski of
RSA Data Security, Inc.  He gave me his opinions on some of
the patent-related questions I have raised here in sci.crypt.
I summarize our conversation below.
Mr. Kaliski is a cryptographic systems scientist, not a lawyer,
and his opinions--though probably well-informed--should be
viewed in that light.

RSA Data Security (I forgot to ask their relationship with
PK Associates) claims only a patent on RSA, not on the general
concept of public key encryption.  In fact, the patent covers only
certain uses of RSA; if you found a way to use the RSA algorithms
to clean your laundry, it probably wouldn't be covered by the patent.

It's "hard to say" whether my proposed use of RSA would violate
their patent.  Let me quickly summarize my intended use here:
I wish to add security enhancements to NNTP, the Usenet news
server.  The enhancements would eliminate the need for a newsreader 
to send a plaintext password to NNTP, as is currently done with the 
(relatively new) AUTHINFO command.  Under my proposed scheme,
NNTP would generate a new encryption/decryption key pair for
each transaction, and would send the encryption key to the 
newsreader (presumably over an insecure broadcast network 
like Ethernet).  The reader would encrypt the user's password
with the key and send the ciphertext to the NNTP server.  The
NNTP server would be able to decrypt the password and check
its validity, but eavesdroppers on the network would be unable 
to decrypt it.

Since this use of RSA apparently isn't quite what's mentioned in 
the patent, it might not be covered by the patent.

As for putting an RSA implementation in the public domain:
it's probably OK, but it could be considered as "inciting infringement".
Certainly any recipients of the public domain system who use
it in a manner covered by the patent would have to license
the technology from the patent holder.

Burt Kaliski indicated that his company wasn't very interested
in pursuing borderline, public-domain cases like mine from a
legal point of view.  (Of course, an informal remark like that 
doesn't mean much.)  However, RSA Data Security is concerned
about protecting their reputation.  If I publicly stated that
my code was an RSA implementation, they'd be concerned 
about the quality of my implementation and might very well
insist upon my licensing their proven code.  If a shoddy product
went around advertising itself as an "RSA implementation",
RSA's reputation would suffer.

Kaliski says that he is aware of three public key patents, though
there may well be others:
1.  RSA.
2.  Knapsack.
3.  Diffie-Hellman discrete logarithm.  This one probably covers
    any system based on discrete logarithms.

He says that I could probably find several public key systems in
recent literature which haven't (yet) been patented.  In fact,
one of my recent correspondents described to me a system 
which seems to be practical and to not be covered by existing

With all of this, I have decided for now to not distribute my RSA
code, and to pursue some other non-patented system for use in
my application.  Again, I would hope to put my code in the 
public domain if and when I complete it.

By the way, RSA Data Security can be reached at (415)595-8782
or  well!   or
The president's name is Jim Bidzos.  RSA licensing fees range from
about $25/user for internet mail signature purposes, to
about $250/user for commercial encryption systems.
(I think I got that right.)

Mark Riordan  Michigan State University

			        About USENET

USENET (Users’ Network) was a bulletin board shared among many computer
systems around the world. USENET was a logical network, sitting on top
of several physical networks, among them UUCP, BLICN, BERKNET, X.25, and
the ARPANET. Sites on USENET included many universities, private companies
and research organizations. See USENET Archives.

		       SCO Files Lawsuit Against IBM

March 7, 2003 - The SCO Group filed legal action against IBM in the State 
Court of Utah for trade secrets misappropriation, tortious interference, 
unfair competition and breach of contract. The complaint alleges that IBM 
made concentrated efforts to improperly destroy the economic value of 
UNIX, particularly UNIX on Intel, to benefit IBM's Linux services 
business. See SCO vs IBM.

The materials and information included in this website may only be used
for purposes such as criticism, review, private study, scholarship, or

Electronic mail:			       WorldWideWeb: