Slashdot Mirror


Cisco Applies For Patents To Secured TCP

An anonymous reader writes "Following the recent excitement over a potential vulnerability in TCP, Cisco's "Worldwide Patent Counsel", Robert Barr, has let it be known that they have pending patent applications for one or more of the IETF recommendations for improving TCP's security. KernelTrap has the full details."

25 of 290 comments

  1. Well... by Short+Circuit · · Score: 5, Interesting

    They better hope their applications are dated before the recommendations.

    1. Re:Well... by arivanov · · Score: 4, Interesting

      Depends from what perspective. They have already pulled out the stunt of suing Alcatel and OpenBSD for VRRP without doing the proper patent disclosure in IETF. So one more case one less is not going to change a lot.

      Methinks that it is much more interesting that there were people from outside Cisco working on that vulnerability. If I recall correctly the list there was Juniper and someone else there as well. So unless Cisco did the correct paperwork with these guys they are fully entitled to sue Cisco's arse flat.

      In btw, it is quite time someone questions the exact origin of SSL, SSH, NTP and a few other items in IOS which are known to be bug for bug compatible with OSS code and do not have stated copyrights in the IOS release notes.

      --
      Baker's Law: Misery no longer loves company. Nowadays it insists on it
      http://www.sigsegv.cx/
  2. It's all about the phbs by SatanicPuppy · · Score: 5, Interesting

    Phb: "Oh, SELF PROTECTING NETWORK! Oooo! We need one of those!"

    Such crap. It's like those blatantly false microsoft ads where they show microsoft office as a wonderful beautiful thing. I've worked with office for years, and the only time I danced through my office with a newly printed office document involved a printer incompatibility, a long project, and way too much coffee.

    Show me an ad that says, "Hey this works okay most of the time," or "this router can detect and contain unusual network activity, so viri spread slower" and that's a product that I can trust. Promising pie in the sky only works for idiots.

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
    1. Re:It's all about the phbs by ryanmfw · · Score: 2, Interesting

      The DARPA is actually working on something like this. It's supposed to automatically identify a virus or worm within seconds and with no human intervention. It's then supposed to disconnect the entire network from the segment that that virus was discovered on. Sorry I don't have the link.

      --
      Hurricane Ivan: A 17th century prison collapsed. All of the inmates escaped.
    2. Re:It's all about the phbs by SatanicPuppy · · Score: 4, Interesting

      I agree completely, thus the "Pointy-Haired Boss" reference.

      My mother is just like this. I can tell her something over and over and over again, and it means nothing to her. But if she hears the same thing from a random, poorly-informed stranger, it's a proven fact.

      It's sad that they know enough to hire skilled people, and then choose to listen to simplistic (though slick) advertising instead.

      --
      ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
  3. Solution: by Sebby · · Score: 2, Interesting
    Read my last post.

    --

    AC comments get piped to /dev/null
  4. Great timing by darkjedi521 · · Score: 3, Interesting

    I was planning on migrating two legacy networks off of DECnet and NETBeui over to TCP/IP transports. Considering this, I might as well leave the older protocols in place. Besides being easier to contain at the firewall (drop all non-ip), they are so old as to not be patent encumbered. Plus the netbeui stack actually fits on a floppy, unlike the MS TCP stack, which only fits after massive pruning and compression.

  5. Re:i'm starting to agree by mo · · Score: 5, Interesting

    Well, if it makes you feel any better, we just made a purchasing decision against cisco in favor of two simple linux boxes running a combination of shorewall and heartbeat. The cost savings versus the cheapest cisco firewall that does failover was worth the effort of installing the open source software. I also highly recommend m0n0wall for a SOHO cisco replacement. I'd choose m0n0wall over a cheaper watchguard or sonicwall box any day.

  6. Re:Before anyone spouts off at the mouth by Anonymous Coward · · Score: 1, Interesting

    > come from an age that moved far slower than ours does

    Exactly!!! It took so much time and money to come up with some of the major advances in yester-years that they needed the patent restriction timing to help get back some of the cost they stuck into R&D.

    > They are there to protect investors not innovators.

    Well, no shit. But don't forget, if there were not investors, how would the innovators keep innovating with no money to back them? The fact is patents allow for investors to make back the money they invested. However, technology is currently moving so fast that the patent system definitely needs an overhaul.

  7. Did ANYONE RTFA??? by chrome · · Score: 4, Interesting

    Especially the part where Robert Barr says "any party will be able to obtain a license from Cisco to use any such patent claims under reasonable, non-discriminatory terms, with reciprocity, to implement and fully comply with the standard."

    That sounds like to me that Cisco will not be charging a whole lot for this license, it will probably be one of those $1 license deals where once you have it, you have it in perpetuity.

    If Cisco don't apply for a patent, someone else WILL and those barstards might end up charging so much for the method that it never becomes a standard.

    I don't think Cisco's intent is to make the standard too expensive for it to become an actual standard in use.

    1. Re:Did ANYONE RTFA??? by chrome · · Score: 4, Interesting

      Right. I checked the GPL and it does say that.

      I got a response back from Robert, my stuff is in bold, his is the reply below:

      > If I read this correctly (IANAL, obviously) the Linux Kernel project
      > could go right ahead and use the methods that Cisco has applied patents
      > for, however at any time after a Patent has been issued (IF it is
      > issued - and I think it's a fair bet it's going to happen, the USPO seems
      > to rubber stamp anything out of tech companies these days) Cisco could
      > demand that the Linux Kernel project pay them whatever.


      Not at all. That's not what it says, or what I mean to say. It says that
      nobody has to pay anything, or even ask for a license, unless they want to
      assert patents against Cisco. You don't read it that way?


      Well, I'm not quite mollified by this. So I sent the following:


      Okay, I get that point now, but is there anything stopping Cisco from asserting its patents just for the hell of it?

      You say that Cisco will only assert its patent against someone who tries to assert a patent against Cisco, but what is stopping Cisco from just doing it anyway?

      ie, the methods are integrated into the Linux Kernel TCP/IP stack and gain wide acceptance, and Cisco then sees value in trying to claim that all users of Linux need to pay Cisco a licensing fee of $200 per CPU to use the proprietary, patented methods included in Linux.

      I know it's far-fetched, but 3 years ago, anyone saying that SCO would try to claim ownership of Linux would be laughed at.

      What agreement can open source projects enter into with Cisco to ensure that the above is legally impossible?

      Lastly, the GPL states:

      "Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all."

      So, for any GPL software to use Cisco's methods, Cisco will need to provide a guarantee that under the GPL, any future patent for these methods will be free for use by that GPL software.

      Just taking your word for it that Cisco won't assert its patent in the future isn't good enough :)



      Now, I'll happily grant that my analysis is probably flawed, but I think I'm on the right track here ;)

    2. Re:Did ANYONE RTFA??? by Mind+Booster+Noori · · Score: 2, Interesting
      With regard to patents, in particular, no one *ever* has an obligation to refrain from making, using or selling technology that *may* practice patent claims solely because someone somewhere has taken a patent, claims to have a patent, or even publishes a license. Only the demand that you in particular take a license or cease infringing triggers theoretical liability under US patent law. Whether there can be liability for damages for the period before such notification is another question, legitimately of importance to those who commercially distribute free software, but not ordinarily of significance to those who develop only, or who distribute non-commercially.
      In other words, you can code something using the patented "technology" (they aren't even patenting that, only their share part of some ideas they had to fix a protocol!) until Cisco wants to stop it.

      Moreover, patents are not global, only local. To say that we cannot *develop* under GPL because a patent exists in country X, and a license has been published there to which those making, using, or selling in country X *might* be asked to subscribe would go much too far. That situation certainly does not prevent development elsewhere, and distribution under GPL can certainly proceed."
      FreeS/WAN wasn't in 2.4 kernel because of the possibility of legal problems in some countries (just one example), so why would this be different?

      Well, of course, USA has software patents and unfortunately Europe is going the same way, but Africa hasn't yet!

      It's the best I can do. Why? Why the hell is he going to patent it in the first place? Isn't he against software patents as he claimed to? Is he being pressed to do this? By who?
  8. Re:Oh goody. by drinkypoo · · Score: 2, Interesting
    In order to build a car that is intentionally-driving-over-a-cliff-proof you would have to take control away from the driver in many situations, at least to some degree. It would in some ways make the car more dangerous but I think using a combination of GPS, GIS (for terrain with height values), ABS, drive-by-wire throttle, and electric power steering, you could probably pull it off.

    Similarly, it is possible to protect entirely against some types of attacks and reduce the damage of others, even when the attacks are being launched from the inside, by treating all networks as foreign to one another, and not making any exceptions. This may make the network less useful in many ways, but many organizations are doing just this.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  9. Actually... by Xenographic · · Score: 5, Interesting

    I can and have thought up a number of ways to use our IP laws to discourage innovation.

    For example, there's some stupid precedent where something like 5 notes were supposedly "subconsciously copied." I remember that, from the way they decided things, someone calculated that there were only 5,000 some odd different types of music that would be legally recognized under that precedent.

    Therefore, if you simply make a CD with each variation (and to comply with other wacky precedents and laws, make it a "dramatic" work--e.g. put some kind of story in there with your music, as well as mixing up the order so as to make your creation more creative than a mere listing of all the possible note combinations), and file a copyright on it.

    Voila, you've copyrighted all the music. But you probably don't dare distribute any of it, lest you infringe on every pre-existing work, so you play SCO. Manage to get in the media with some wacky press release (Slashdot would be a good target), and spout off about how you intend to use this to stifle musical innovation "because it's clearly not profitable."

    Ramble on a bit about how the industry knows what is best for us--"only unoriginal crap sells! so long as they're just rehashing their old works, we feel that they're not deriving anything from ours, and we simply want the music producers to make money, something you cannot do unless you force-feed the public unoriginal music." Thus you're never under obligation to actually sue anyone, though you can make a show of menacing anyone whose music might be original, telling them that it doesn't seem to derive enough from all their old records, so they must have stolen it from you...

    Yes, I realize that this is incredibly contorted logic (I must have been reading too many SCO stories here...), but the upshot of it is that you would be using such a copyright registration to (at least attempt) to stifle innovation. ...

    Now then, as for patents? It's harder to find an example of a bottleneck, as above, and these will cost you over $1,000 each in filing fees alone. Still, you seem to be able to patent the most ridiculous things. You could always file some nonsense like "n-click shopping, for n greater than one" (note that you can make "shopping" into any other activity, though you might get hilarious results like "3-click bowling") or just "___ over the internet" ...

    I can even imagine being bored enough to write an "absurd patent generator" in Perl, if I could just think of more such patterns to feed into it :] For irony's sake, one could then patent that nonsense generating algorithm (though proving it useful in commerce might be another hurdle... I wonder if they would buy the thought that putting it on a page with ads and making a grand total of $0.38 from the ads would be enough? :)

    Of course, if you really did invent something wonderful, and you could patent up all the possible ways of using it (so that others couldn't just tweak it and get around your patent), you could always just publicize it and say that you have absolutely no intention of ever letting anyone use your invention until the patent expires. If it was software, you might then make it available via your website for *only* those people where your patent doesn't apply...

  10. Re:Some IETF and patent background... by ninjaz · · Score: 5, Interesting
    > So you can have more secure communications, but only if you pay Cisco.
    Actually, according to the "full details" link, you can have more secure communications, but only if you pay attention to OpenBSD's recommendations (and ignore Cisco's patent-encumbered implementation which isn't as good).

    This is the second time in six months OpenBSD has seriously one-upped Cisco and its patents. :-) They even wrote a song about the first!

  11. No more early access for Cisco by Burdell · · Score: 3, Interesting
    If they are going to attempt to patent fixes to security problems that they had early access to (i.e. they were notified about the problem prior to it being released to the public), that access should be stripped. The idea of early access is to cooperate and fix problems as fast as possible. Patenting a solution is not cooperation, so Cisco should lose their access.

    BTW: one poster said "don't get excited, they'll do a reasonable and non-discriminatory license". That's nice, but it is useless for GPL software (unless they release an implementation under the GPL) and a trap for BSD licensed software (you can end up with code that says you can use it but you can't because of the patent).

  12. Re:Oh goody. by gstoddart · · Score: 3, Interesting

    No, you were right. It would make the car more dangerous.

    A car suddenly deciding it isn't willing to listen to your inputs is just scary.

    Because in any condition in which the computer takes control, the driver won't know what the hell happened, and the computer might not have all the information.

    Now if it picks me up, drives me to my destination, and goes away to refuel itself and hang out with other cars, it is perfectly allowed to retain control at all times. =)

    (And I wouldn't trust *that* unless it was on a track with guaranteed physical distance between vehicles.)

    --
    Lost at C:>. Found at C.
  13. Re:i'm starting to agree by dspisak · · Score: 2, Interesting

    Dude, try OpenBSD 3.5. Automatic firewall rules syncing and HA with pfsync and carp! I think you will find it far nicer to work with than Linux+Shorewall. Not saying that's a bad choice, just the stuff in OpenBSD 3.5 is really seriously good stuff.

    www.openbsd.org

  14. Re:Oh goody. by Maserati · · Score: 2, Interesting

    They're a pretty bad rip-off of the IBM campaign. Which has been brilliant. The IBM spots don't make specific promises, but they do have a keen insight to convey. Anybody else really, really, really need a "Business Reality Detector" ?

    We do get the bosses' kids from time to time, but we use Macs :-)

    --
    Veteran, Bermuda Triangle Expeditionary Force, 1992-1951
  15. Re:Before anyone spouts off at the mouth by Lawrence_Bird · · Score: 2, Interesting

    > come from an age that moved far slower than ours does

    >Exactly!!! It took so much time and money to come up with some of the major advances in yester-years that they needed the patent restriction timing to help get back some of the cost they stuck into R&D.

    One can argue the inverse.. it takes so little time now for something to be reverse engineered and then commoditized that the patent affords the inventor (and investors) the opportunity to recoup r&d and costs to bring to market and then to make some money on the item before its margin goes to 0.

  16. Re:not more patents by Darby · · Score: 2, Interesting

    > don't we have enough patents as it is?

    Well, maybe.

    What if we were to limit the total number of patents?

    The obvious result would be a new market in selling patent slots. You would have to *know* that you could make your investment back before applying because the patent itself would cost so much.

    It would decrease the number of frivolous patents filed, but the small inventor would be at a disadvantage.

    What do you think, would it be a positive, negative, or a push?

  17. Patents are pretty much worthless... by Svartalf · · Score: 2, Interesting

    Unless you've got deep pockets, the Patents themselves are only as good as your lawyers that you can afford to defend them (and the legal fees to do so...). Unless you're one of the big players, you don't have the resources to take on any infringers save players that are your own size. Unless the Patent is for something simplistic, the people that would bother to reverse engineer the technology are in the X lb gorilla size class (where "X" is a suitable multiple of 100...) and therefore have more legal and financial resources than you can normally bring to bear. Eolas is an exception where some deep pockets took a lame patent that probably should have never been granted and attacked even deeper pockets- all they did was pursue the alleged infringement by Microsoft at some point. They wouldn't have been able to afford the pursuit of the case had they needed to worry about, oh, say, products or even customers.

    --
    I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
  18. no widespread use by Anonymous Coward · · Score: 1, Interesting

    If it's patented by Cisco it will only be used by cisco, so what good is it? Remember that the BSD TCP stack made TCP popular, and Novell who had their own protocols IPX/SPX lost to TCP/IP.

    What about SCTP? Isn't it a good replacement for TCP?

  19. Re:Some IETF and patent background... by ninjaz · · Score: 4, Interesting

    No, I'm not sure. Don't mistake me for an expert on this set of vulnerabilities. I was going by what was said in the link and on the OpenBSD misc@ mailing list.

    According to some messages on the list, Cisco was one of the worst affected by the recently announced set of TCP vulnerabilities, and OpenBSD had only minimal exposure in the first place.

    It strikes me that this may be a PR ploy on Cisco's part to cover up for their past mistakes by appearing to rush to the rescue with a patent pending solution. They'll even graciously let others use them in exchange for cross-licensing. After all, if it's pending a patent, those Cisco guys must be really on the ball ...right? ;)

    Personally, I trust the OpenBSD project a great deal more than Cisco when it comes to security. I mean, OpenBSD wasn't even vulnerable to the no-workaround backdoor password issue!

    Luckily in that case, locking a user account had a considerable amount of prior art.

  20. Re:OpenBSD by Anonymous Coward · · Score: 1, Interesting

    You might also find this of interest:

    http://marc.theaimsgroup.com/?l=openbsd-misc&m=108432660625483&w=2