1993-04-30 - validity of the RSA patent

Header Data

From: Eric Hughes <hughes@soda.berkeley.edu>
To: cypherpunks@toad.com
Message Hash: aee8fa6f5eadd30f6ac424e70227c58bccaea95985474784e46f8034a1448669
Message ID: <9304300628.AA17668@soda.berkeley.edu>
Reply To: N/A
UTC Datetime: 1993-04-30 06:32:20 UTC
Raw Date: Thu, 29 Apr 93 23:32:20 PDT

Raw message

From: Eric Hughes <hughes@soda.berkeley.edu>
Date: Thu, 29 Apr 93 23:32:20 PDT
To: cypherpunks@toad.com
Subject: validity of the RSA patent
Message-ID: <9304300628.AA17668@soda.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Plenty of people gripe about PKP patents.  Assume for the sake of
argument that the patents will be upheld, that they are valid.  What,
exactly, is claimed?  The RSA patent claims the RSA cryptosystem.  So
we don't use that.  The Diffie-Hellman-Merkle patent claims all of
public key cryptography; in particular it claims knapsack algorithms.
So we don't use knapsacks.  But does this patent really prevent us
from using public key cryptosystems?

I think not.  Mind you, I'm only an amateur legal hacker, but this
seems like a straightforward situtation.  Consider use of another
public key encryption scheme, say LUC encryption.  Does use of this
infringe the "public key" patent?  Not directly, since we're not using
knapsacks (presumably).  We then look the equivalents doctine.  From
Blacks:

  Equivalents doctrine.  In patent infringement law, doctrine of
  "equivalents" means that if two devices do the same work in
  substantially the same way and accomplish substantially the same
  result, they are the same, even though they differ in name, form, or
  shape. [...] A doctrine which declares that a device infringes a
  patented invention if it does the same work as the invention in
  substantially the same way, even if it is outside the literal terms
  of the claims of the patent.  The doctrine prevents parties from
  infringing patents with impunity by making merely trivial changes in
  an invention.  The more significant the patented invetion the
  greater the scope of this doctrine.

So we have three criteria.  "Same work" refers to function, "same way"
refers to internal structure, "same result" refers to end product.
Now public key cryptosystems all have the same function, to provide
encryption and decryption with different keys.  The result is the same
at the end of each public key communication: a message has been passed
securely from one end of the channel to the other.

The structure, however, is completely different for the different
systems.  All three criteria must be satisfied in order for the
equivalents doctrine to hold.  The requirement of same structure is
not satisfied.

(Matt Miszewski has today offered to do legal research in anticipation
of a patent fight.  I'd like to ask him here to check out this theory
with some references to case law.)

RIPEM, as I understand it, came out originally with a different public
key algorithm and later changed it.  Perhaps Mark Henderson (who seems
to have done some work on it) could comment.

The equivalents doctrine seems to my mind to be a dual of the criteria
required for patentability.  There are four such criteria: statutory
class (is it the right kind of thing), utility (is is good for
anything), novelty (does it have new features), and unobviousness
(does it have new results).  The equivalence of function means that
the utility of the two objects is the same.  The equivalence of
structure meanse that the new invention does not exhibit novelty.  The
equivalence of end result means that someone already thought of that
before, i.e. it's obvious.  Statutory class is the same for both,
since if they're that close, they both are the kind of thing which
might be patented.

It is interesting as well to examine which can be patented: processes,
machines, manufactures, compositions (of matter), and new uses of any
of the above.  Note that a bundle of properties and purposes, e.g.
public key cryptography, is not patentable; it fails to specify
structure, so any structure would be novel.

The new use clause, though, is exceedingly scary.  Under this class,
existing equations could be used for different purposes and be
separately patentable.  For example, if you were to use the RSA
equations for some purpose other that public key crypto and digital
signature, that would be separately patentable.  It behooves us all to
think widely of possible applications and talk about them in order to
make them part of the prior art.

I'd like to see a document containing a good argument against the
claim that all public key crypto is covered.  It should have the full
scholarly apparatus with it and an appendix explaining the apparatus
to non-lawyers.  This document could then be circulated widely,
starting on sci.crypt.

After that, developing a test case is easy.  We would need for someone
to write some public key crypto code (it need not be very complicated)
and market it, claiming explicitly that the "public key" patent does
not apply. We'd want them to be extremely loud in their claims, for
example, writing the legal departments of all of the big RSADSI
licensees and offering their wares for sale.  If you could collect
money, so much the better.  This would almost invariably draw a
lawsuit, since it so directly threatens RSADSI's business.  Witness
the speed with which the recent PGP board was asked to shut down.

Assuming that we've already arranged for the up-front cost of legal
defense, we'd be ready to go.

Comments?

Eric





Thread