PKWare Files a Patent Application for Secure .zip

prostoalex writes "The battle of ZIP formats might intensify as PKWare filed an application with USPTO to obtain a patent on its Secure Zip technology, which pretty much involves archiving with strong cryptography. If the patent gets granted, PKWare will license its algorithms for other software manufacturers. A representative of Aladdin Systems summed it up: "The good thing about the .zip file format was that you knew you could send it to everyone. Now that's getting broke.""

extensions

[exhilaration]

Ideally, a new extension should be used for any format that is incompatible with existing ZIP archives. For example, EZP for encrypted zip, or SZP for secure zip.

But it's likely that they'll keep using ZIP because of its brand recognition. That's really too bad, but at the same it might frustrate people enough to get them to try another compression format, like BZIP.

Re:extensions

[dmeranda]

What's an extension? I use Content-Types like application/x-patented-zip and name all my Zip(TM) files "archive.this.is.not.tar", and when I am forced to use Windows I never see an "extension".

Seriously, the true value of their intellectual "property" (sic) is that of their trademarked brand name. As an archive format it is pretty uninteresting. Everybody knows what "zip" means. Adding a patent in this area to me seems like a dumb move; another one of those all-to-common desparation moves by a failing company to have the USPTO save it. In the late 1990s companies looked for VC firms to save them from their own shortcomings, today the trendy savior seems to be the USPTO.

To me this move just screams "Use our patented technology to secure your important files....BTW you must use only our software and we can revoke your rights to use our patent at any time rendering your important files so secure that not even you can read them legally again!" That's enough to keep me from using their format; it's my data and I don't want my access to it to be contingent upon some party outside of my control.

Why not GPG?

[David+Hume]

zip & use pgp

Why not zip and then use GPG?

I'll stick to bzip

[Aeonsfx]

Hmm, I don't see why this is such a big deal.... bzip pretty much compresses higher than 'em all. That plus, its GNU-free ^_^ zip? I don't really see why encryption was ever a critical feature in the format, (I thought it was a bunch of proprietary schemes to begin with) but I'll continue to use it to send some files.

The next widespread compression

[interiot]

The replacement for pkzip should be gzip. Not only is it specified in the open via rfc but it's implemented in internet explorer and friends.

If they get a patent...

[brianosaurus]

I can't even believe there is any doubt they will receive a patent for this, even if it isn't anything particularly interesting. In fact I'll be presently surprised if the PTO actually recognizes the existance of plenty of prior art. Maybe they don't even need to recognize prior art, just the fact that encrypting a zip file is obvious.

Its insane that you can patent "Doing something someone already did, but doing it to THIS instead of THAT." I can, perhaps, buy an argument that encryption (like the first time anyone did it) was patentable. Maybe even that different algorithms for encryption could be patentable.

But once encryption is there, applying encryption to ANYTHING should not be patentable. A zip file is just data. Encrypting it (or encrypting the contents) is not a novel concept.

So while I would love to see the PTO demonstrate some miniscule amount of clue and reject the patent, I will be very surprised if they actually do.

What's worth a patent?

[jetmarc]

Ok, I know that ZIP is known for notoriously weak security.

But is it worth a PATENT to now associate the "security" features of ZIP
with "strong cryptography algorithms"?

That's like Microsoft filing a patent for a "not crashing OS", as reaction
to market research reports that show how people are not happy anymore with
traditional (crashing) MS products.

WinZip Publishes AES Encryption Standard

[----]

With the WinZip 9.0 Beta announcement there is this little tidbit ...

"Advanced encryption
WinZip 9.0 supports 128- and 256-bit key AES encryption, which provide much greater cryptographic security than the traditional Zip 2.0 encryption method used in earlier versions of WinZip.

WinZip 9.0's advanced encryption (FIPS-197 certified) uses the Rijndael cryptographic algorithm which, in 2001, was specified by the National Institute of Standards and Technology (NIST) in Federal Information Processing Standards (FIPS) Publication 197 as the Advanced Encryption Standard (AES).

After a three-year competition, the AES was announced by NIST as an approved encryption technique for use by the U.S. government, private businesses, and individuals. When properly implemented as a key component of an overall security protocol, the AES permits a very high degree of cryptographic security, yet is fast and efficient in operation.

WinZip's AES encryption is just as easy to use as traditional Zip 2.0 encryption: all you have to do is select the encryption strength and specify your password.

Note: recipients to whom you send AES-encrypted Zip files must have a compatible Zip file utility in order to decrypt the files. At this time, WinZip 9.0 is required. We have, however, published the full specification for creating WinZip-compatible AES-encrypted Zip files, and we expect that other Zip file utility vendors will provide support for the format. "

Funny, it sounds like either they already reverse engineered the pkware zip encryption, or established their own encryption.

I wonder how many times users will complain to company xyz (that is using pkware encryption for their products) about their files not working in winzip, before company xyz will drop their pkware proprietary encryption in favor of winzip's published (and functional) encryption.

/* ---- */

If they're smart, it won't break .zip's usefulness

[charlesbakerharris]

If they patent the process, the smart thing for them to do would be to release the decoder as a part of their basic freeware utility, then charge for the ability to zip/compress everything.

That way, you could always still send either an unencrypted or an encrypted zip - you pay for the ability to encrypt them, fine, but you can unencrypt them easily enough no matter where you are or whose winzip you're using.

It's kinda like Acrobat - anyone can read their files, nobody can create them without buying the utility (blah blah freeware acrobat writers, I know...)

Software patents hurt everyone

[JVert]

Software alone should be an exception from patents. Copyrights are ok to protect branding but patenting algorithims is like patenting a shortcut for a daily commute. People built cars and roads to you could use them as you wish. Same thought behind people building hardware and compilers.

Re:Ironic quote from Aladdin Systems

[_Knots]

It's still damn two-faced, though. They managed to convince legions of Mac users to use a proprietary archiving format (all StuffIt 3.x and later were undocumented), but they placated desire for cross-platform capability with support for all the common PC formats (without Mac features, natch). They also changed the format a lot (in 5.x and again in 7.x), possibly in response to other people reverse engineering it.

Thus Aladdin took full advantage of the openness of the ZIP format for so long, for compatibility, but used closed formats to keep competitors away for Mac-specific files. It is somewhat ironic, then, that they are complaining about ZIP becoming closed when people have certainly complained in the past about their format being closed.

--Knots;

Re:Use PGP

[gregbaker]

Also you can't usefully compress encrypted content

Says who?

Consider piping your PGP output through this:

perl -pe "s/(.)/\$1\$1/g"

Is it compressable? Yes. Less secure? No.