Skip to main content

A patent troll is suing everybody for using HTTPS

Ah, don't you love the smell of patent trolls in the morning?

In the latest news regarding these wonderful creatures, it was unveiled Tuesday that a Texas company called CryptoPeak Solutions has sued basically everyone, everywhere, for using the HTTPS protocol.

Yes, they're claiming ownership over the HTTPS. The patent, called "Auto-escrowable and auto-certifiable cryptosystems”, reads as follows:

A method is provided for an escrow cryptosystem that is overhead-free, does not require a cryptographic tamper-proof hardware implementation (i.e., can be done in software), is publicly verifiable, and cannot be used subliminally to enable a shadow public key system. A shadow public key system is an unescrowed public key system that is publicly displayed in a covert fashion. The key generated by the method are auto-recoverable and auto-certifiable (abbrev. ARC). The ARC Cryptosystem is based on a key generation mechanism that outputs a public/private key pair, and a certificate of proof that the key was generated according to the algorithm. Each generated public/private key pair can be verified efficiently to be escrowed properly by anyone. The verification procedure does not use the private key. Hence, the general public has an efficient way of making sure that any given individual's private key is escrowed properly, and the trusted authorities will be able to access the private key if needed. Since the verification can be performed by anyone, there is no need for a special trusted entity, known in the art as a “trusted third party”. The cryptosystem is overhead free since there is no additional protocol interaction between the user who generates his or her own key, and the certification authority or the escrow authorities, in comparison to what is required to submit the public key itself in regular certified public key systems. Furthermore, the system is designed so that its internals can be made publicly scrutinizable (e.g., it can be distributed in source code form). This differs from many schemes which require that the escrowing device be tamper-proof hardware.

According to Ars Technica, AT&T, Costo, Expedia, GoPro, GroupOn, Netflix, Pinterest, Target and Yahoo are just some of the companies being sued for patent infringement. All lawsuits include almost identical language: "Defendant has committed direct infringement by its actions that comprise using one or more websites that utilize Elliptic Curve Cryptography (“ECC”) Cipher Suites for the Transport Layer Security (“TLS”) protocol (the “Accused Instrumentalities”).”

Some companies are willing to fight the lawsuit, while others have decided to settle it outside the courthouse.

Sead is a freelance journalist with more than 15 years of experience in writing various types of content, from blogs, whitepapers, and reviews to ebooks, and many more, across sites including Al Jazeera Balkans, TechRadar Pro, IT Pro Portal, and CryptoNews.