Slashdot Mirror
Patent Claimed on System-Level Encryption
nattt writes "The Register is reporting that a Californian firm, Maz Technologies has been granted a patent for application independant file encryption, and is now going after other companies with its lawyers to press its claims. It seems that the US patent office doesn't check very well for prior art, and their laxity is causing small firms that get attacked on infringing these bad patents a lot of money to defend themselves."
If they are suing already, doesn't that invalidate the patent by demonstrating prior art before the patent was applied for?
"No good deed goes unpunished"
We need more bad patents like this. The more of a problem this becomes, the more likely Congress is going to do something about it. And as long as the patents are as ridiculous as this one, and as long as they go after companies with money before they go after open source, everything's fine as far as I'm concerned.
Attack the small firms first so they cannot afford to invalidate the patent. Meanwhile when the small firms start paying royalties your patent will become more established. By the way the 25 000 in royalties is nothing compared to what the case may cost. So that company will probably pay the fee if hey cannot get an early win in court.
Why not directly sue Microsoft, Sun, HP, IBM? Somewhere along the line one of these companies offered system level encryption.
Or maybe this dinky unknown company saw a way to squeeze money out of little companies who they thought couldn't afford to fight back?
I find it quite disturbing that our United States patent office will accept such a broad claim, needless to say. What I find even more disturbing, however, is the precident for accepting such patent claims without, as the article states, any such encryption programs being submitted.
In my mind, it's one thing to stake your claim to an invention or creation of your own doing, something that you have already built. Even what may be viewed as a "fair" patent process, however, I object to on the principle that it tends to create unnecessary monopolization of certain products and only serves to lock down profits for one party. Patents, in my mind, are a competitive, money-making scheme and nothing more. It's another thing entirely, however, to patent an idea, preventing others from using it possibly, without submitting any such art of your own.
Think about this for a moment. If companies are allowed to patent thoughts and ideas they have not created, then this only creates a rush to create patents and not a race for innovation. If "prior art" of your own is not required in a patent submission, then the application for patents becomes nothing more than financial speculation on future technologies.
-Niten
This is a wake up call. This is the most fucked up thing to come out of a fucked up patent office.
This is not fucked up just because it indicates that the USPTO is incompetent. As someone else has said, this patent indicates that the USPTO is not doing a poor job, it is doing NO job.
That means that shysters like this company can be granted a patent and embark on the typical shyster lawsuit strategy: small fry first, maybe some bigger game later, and of course ignore the big game because the big game will eat them and their entire families.
Let's sum up. This company with this bogus patent is nothing but a racket, a group of hoodlums, a pack of criminals hoping to make a quick score. Either than, or they are criminally stupid. And the USPTO is abetting the criminally stupid by failing to do anything remotely resembling their job.
They're all part of a big family by the name of Mud that keeps on gettin bigger.
And you've just struck on the problem of having the government do anything...
Suing the governemt, while possible, is an extremely daunting prospect. It takes lots of time and lots of money--two assets the government has in plenty, whereas most private companies or individuals don't.
Now, if the government wasn't doing so many other non-Constitutional things, perhaps some attention could be paid to the patent office and things like this could be prevented... nahh, I'm just a lunatic...
Potato chips are a by-yourself food.
This is an idea that sounds good on the surface but is actually very bad.
If you could sue the USPO, the majority of suits would be from companies suing to have their patents *granted*. Being able to sue would just give them a second whack at the pinata.
Normal small companies and rational individuals would not sue to have bad patents denied: if you have the money to go to trial, it's better to wait until the patent is enforced in an unfair way.
So, could you restricts suits to reimbursing the costs of unfair patents? "Unfair" would need to mean that a court had invalidated the patent or restricted its scope, so the defendant would already have gone to trial for patent infringment, and prevailed. In this case, he may well ask for court costs, and get them (especially in a David & Goliath situation) so the USPO incompetance has, in some sense, cost him nothing.
If the defendant can't afford to defend himself in court, no one is going to judge the patent to be "bad."
IANAL, etc.
I think you are glossing over a few details.
Here's the actual claim (claim 1):
1. A method of encrypting an electronic document which is open in an application program running in a general purpose computer, the general purpose computer including a display, a user input device, a crypto module and a processor, the method comprising:
(a) from within the application program running in the general purpose computer, a user issuing one of a "close," "save" or "save as" command for the document using the user input device;
(b) automatically translating the command into an event;
(c) the crypto module automatically trapping the event;
(d) the crypto module automatically obtaining an encryption key value;
(e) the crypto module automatically encrypting the document using the encryption key value;
(f) the crypto module automatically passing control to an electronic document management system; and
(g) the electronic document management system executing the issued "close," "save" or "save as" command;
whereby the electronic document is automatically encrypted.
First off, fopen() is not the "crypto module" in your description, the block driver is. But it's the crypto module that has to trap the call.
Second, the patent goes out of its way to define "electronic document management system." You can't ignore its definition and just say that it's synonymous with "any file system."
Also, according to the claim, the EDMS is the entity that has to execute the "save" or similar command. A file system doesn't do that.
In short, the claim fits where you have an encryption add-on module for something like PC DOCS. It seems to be a bit of a stretch when applied to a garden variety file system.
Would it be possible for a number of small firms that have lost a lot of money and time wasted over these lawsuits produced by the Patent Office's lack of care in looking for prior art to actually take a class action lawsuit against the Patent Office? Perhaps, they could try and prove loss of wealth and try and prove that the Patent Office is failing?
Just a thought, yes I know its an expense to do..But just wondered.
StarTux
No, crypt(1) is different from crypt(3). It was,
what, a one-rotor Enigma machine or some such. Do
a google search on 'crypt(1)'.
I'd call this not prior art since it wasn't really
"application-independent", even if vi did have that
-x option. Perhaps any of the encrypted file systems
such as CFS would qualify.
Let's go through claim (1) for example:
(a) from within the application program running in the general purpose computer, a user issuing one of a "close," "save" or "save as" command for the document using the user input device;
Doesn't that sound like any generic application these days? Can we say "File/Save" anyone (or for the CLI people using vi, ":w"? So this part of this claim applies to practically any desktop application. What they are describing here is existing infrastructure, and nothing that could be considered to be characteristic of their own invention.
(b) automatically translating the command into an event;
Once again, any desktop application. Most GUIs I know are event based, so any menu action is always sent to the application as an event. This even generation process is transparent to the application itself. Once again, hardly unique or original, and definately not an indicator that a particular system is like their own.
(c) the crypto module automatically trapping the event;
One could achieve this by using, say, stegfs. The crypto module is part of the file system driver - it traps the events being sent to things like "open" or "write". There is a catch here - perhaps you could argue that, in order to be covered by this patent, the crypto package would have to intercept the "File/Save" event before that event actually got to the application.
(d) the crypto module automatically obtaining an encryption key value;
Like, say, obtaining a PGP key from a keystore using a cached passphrase? Or perhaps a passphrase that was specified at the time that the steganographic file system was mounted?
Perhaps their system is even more primitive - they pop up a dialog box and ask the user for a passphrase on the spot.
PGPDisk was doing all the stuff up to here a long time ago. So the claim so far sounds very unobvious and definitely not novel.
(e) the crypto module automatically encrypting the document using the encryption key value;
I only wonder if they mean "automatically" as opposed to "manually", or "automatically" as compared to "mechanically" or "algorithmically". To me it sounds like this claim is redundant and obvious. Encrypting the document using any other values than the ones provided by the crypto keys is pretty useless.
(f) the crypto module automatically passing control to an electronic document management system;
What do they mean by "electronic document management system"? A file system is a DMS. Are they just using obfuscated language here, or do they have a particular thing in mind when they say "electronic document management system"? If their patent suits are anything to go by (that link from another response to the original story, BTW), they mean "file system".
(g) the electronic document management system executing the issued "close," "save" or "save as" command;
That's what a DMS would normally do anyway, surely? You could escape this patent by having your encryption module issue its own "save" command, after intercepting the system's own "save" command.
Of course, letting an Electronic Document Management System do the things it's supposed to do is hardly a novel concept.
The Last Paragraph
Then we get to the interesting bit - right at the end:
Thus they are claiming that anything which looks something like this system is also covered by this patent - they're redefining patent law!
[1] They don't even know that a system built as described in their patent would work. exemplary in sense 3 implies that these guys have built a patent on top of a proof-of-concept.
Re Step 425, "Crypto Server Traps Event", Grail said, There is a catch here - perhaps you could argue that, in order to be covered by this patent, the crypto package would have to intercept the "File/Save" event before that event actually got to the application. You are correct. They are trapping when the user selects "save" from the application menu, NOT when the file is written to disk.
They probably meant to say that the system intercepted reads/writes to particular files on the filesystem. That's how SafeHouse (the product they're suing) does it. Oh well, too late to change the patent now. <g>
I also liked
Step 420: Command is translated into an event.
Waddaya mean translated? Modern operating systems handle this as an event by default.
Step 430: Should document be encrypted?
Funny that this decision seems to be made without interaction from the user. In other words, the user doesn't decide which documents are or are not encrypted. (at least not at run time).
The description of the technology in the patent is vague enough that I wonder if they had actually implemented this at the time. Oh, another funny thing... Maz Technology doesn't seem to have a product that does what this patent claims to do. Hmm.... You're not allowed to patent someone else's invention. <g>
Maz does have this product called IntelliGuard, which has a great marketing description, but to me the description seems rather... lite. I wonder if they've actually implemented anything even now. (It also claims to provide an infinite number of customer's options. At least they got the infinity problem licked.)
-gh
DISCLAIMER: this post is a statement of opinion and not of fact. (Just in case any laywers are reading...)
For the full text of the patent, visit USPTO Search Page and enter the patent number 6185681.
See also a sci.crypt discussion on google groups