Slashdot Mirror

← Back to Stories (view on slashdot.org)

Intuit Beats SSL Patent Troll That Defeated Newegg

Posted by Unknown on from the better-late-than-never dept.

Last fall, Newegg lost a case against patent troll TQP for using SSL with RC4, despite arguments from Diffie of Diffie-Hellman key exchange. Intuit was also targeted by a lawsuit for infringing the same patent, and they were found not to be infringing. mpicpp (3454017) sends this excerpt from Ars: U.S. Circuit Judge William Bryson, sitting "by designation" in the Eastern District of Texas, has found in a summary judgment ruling (PDF) that the patent, owned by TQP Development, is not infringed by the two defendants remaining in the case, Intuit Corp. and Hertz Corp. In a separate ruling (PDF), Bryson rejected Intuit's arguments that the patent was invalid. Not a complete victory (a clearly bogus patent is still not invalidated), but it's a start.

15 of 59 comments (clear)

  1. arguably stronger by Anonymous Coward · · Score: 2, Interesting

    Modern browsers workaround the limitations or have TLS 1.1 or better. If you may be faced with clients that implement neither the workaround or TLS 1.1, rc4 can be better by virtue of being a stream cipher since TLS 1.0 flubbed the IV

  2. Which proves judges are stupid by Gothmolly · · Score: 5, Insightful

    Q: "How do you know so much about key exchange?"
    A: "I invented it in the 70s."
    Q: "Fail, you lose."

    -vs-

    Q: "How can you prove this is prior art?"
    A: "Blah-biddy blah blah legal legal blah."
    Q: "Seems legit. Intuit wins."

    --
    I want to delete my account but Slashdot doesn't allow it.
  3. It's not the infringement that's the issue by X10 · · Score: 3

    it's the patents that are bogus. Judges need to invalidate more patents, they need to invalidate all software patents.

    --
    no, I don't have a sig
    1. Re:It's not the infringement that's the issue by Chrisq · · Score: 4, Insightful

      it's the patents that are bogus. Judges need to invalidate more patents, they need to invalidate all software patents.

      But we're talking about Eastern District of Texas

    2. Re:It's not the infringement that's the issue by bluefoxlucid · · Score: 3, Insightful

      Many software patents are valid and novel. Software is a description of an algorithm to do a thing. Some software patents are well-known algorithms implemented on a computer, which has no standing; others are brand new algorithms, which are mathematical processes people have discovered to accomplish tasks.

      Many compression algorithms use new techniques to achieve better results, especially with lossy encoding. The original JPEG algorithm used a Discrete Cosine Transform to change color into a precision-driven space, which you could then simply cut precision away from and compress more readily. The transformation of color intensity values per pixel to a more general mapping using the same space but able to approximate was novel. AAC uses an audio technique which biases a PRNG to produce something perceptually similar to the original even though it's technically noise, another novel technique.

      These are no different than using a screw, but in a car engine, in the exhaust stream, as a turbine to drive a forced air aspirator. At the time, the concept of using a turbine to power forced air induction from the waste heat of the engine was novel (exhaust stream would have no pressure if you chilled it to intake temperature). Hell, an integrated circuit is just a PCB, but built out of etched substrate.

      --
      Support my political activism on Patreon.
    3. Re:It's not the infringement that's the issue by N7DR · · Score: 5, Insightful

      it's the patents that are bogus. Judges need to invalidate more patents, they need to invalidate all software patents.

      Putting aside the entire issue of software patents, the legal standards for invalidating a patent are rather high. I have seen many patents which we would all likely agree should be invalidated either for obviousness or because there's prior art; but actually meeting the necessary criteria to prove that conclusively to a judge or jury would have been impossible.

      It has evolved this way because of the built-in assumption that the Patent Office does its job correctly, and therefore patents are assumed by courts to be valid and there is a fairly heavy burden imposed to prove otherwise. If the assumption is valid, then this isn't an obviously-bad system; but if it isn't valid, then it quickly becomes an expensive, frustrating situation for defendants.

    4. Re:It's not the infringement that's the issue by nomanisanisland · · Score: 3, Insightful

      The ability to create many copies of something for virtually free has nothing to do with whether it is patentable or not. Abstract mathematical formulas and algorithms are not patentable, but their application in something tangible is patentable.

      The real issue isn't whether software patents as a class are valid or not in general - they are under current laws, even though some specific cases are not - no, the real issue is whether they should be patentable going forward. People forget that the concept of patents aren't an innate or natural right, but rather something invented for the purpose of incentizing R&D, and disclosing the invention so that others can see how it works instead of it being a trade secret. The question is if those benefits would not happen if there were no patents for software.

    5. Re:It's not the infringement that's the issue by JMZero · · Score: 2

      I agree with you in principle (and I think it's silly you got marked troll). To me the test for a patent's validity should be vaguely: assuming you wanted to do X, would a skilled person with access to relevant area knowledge quickly or obviously come up with solution Y. In the cases you've listed, I think the answer is "no" - and those smell like valid, patentable ideas (though I couldn't actually judge without knowing the landscape and what was common knowledge/technique at the times of invention). However, in many software patent cases, I feel like the patent is being awarded, essentially, for "doing X" in an obvious way (simply because X hasn't been done or done often).

      I also think patent duration should be shorter across the board. Things can spin up faster than they used to; 20 years is an eternity when we're talking about technology or software - on balance, I think we'd be better served by much shorter durations.

      --
      Let's not stir that bag of worms...
    6. Re:It's not the infringement that's the issue by sjames · · Score: 2

      The problem is that the USPTO assumes the courts can work out the validity for them and they rubber stamp things when they don't have a relevant expert in the art (or if they're busy, or it's Tuesday).

  4. Best line ever... by pla · · Score: 2

    "In addition to the disagreement between the parties as to the meaning of the agreed-upon claim construction"

    I don't fully speak legalese, but the ruling had me literally LOL'ing. The threw everything from grammar naziism to stare decisis.

  5. Re:WAT by Anonymous Coward · · Score: 2, Informative

    It is not of high quality.

    http://en.wikipedia.org/wiki/RC4#Security

    http://threatpost.com/attack-exploits-weakness-rc4-cipher-decrypt-user-sessions-031413/77628

    http://blogs.technet.com/b/srd/archive/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4.aspx

    https://www.schneier.com/blog/archives/2013/03/new_rc4_attack.html

    http://www.networkworld.com/article/2164421/security/potential-weakness-in-ssl-tls-security-downplayed-by-certificate-group.html

  6. "Clearly bogus"? by Anonymous Coward · · Score: 2, Insightful

    Can someone please explain why the original patent is "clearly bogus"? Just because it's being wrongly applied to situations it was never meant to cover doesn't make the patent itself wrong.

    If Swingline uses stapler patents to sue Mozilla over pinning browser tabs, that doesn't invalidate the stapler patents themselves. (Does it?)

  7. Re:WAT by SJ2000 · · Score: 2

    Just like the Leaning Tower of Pisa has never fallen down!

  8. Re:WAT by SJ2000 · · Score: 4, Informative

    Yes you can. There are many types of cryptographic weakness (Eg: an attack that reduces the effective key space) but specifically regarding RC4, there are weaknesses which make it difficult to use properly in common scenarios.

  9. Re:WAT by bluefoxlucid · · Score: 2

    You only need to avoid 256 IVs for that key scheduling algorithm weakness. The layout is very well-known, and it's only important for repeated use of the same key: SSL doesn't suffer from this, as it generates a random key for each session; WEP does, as it uses a permanent pre-shared key for all sessions, initialized with each packet.

    By contrast, AES lets you eliminate 2 bits from its cryptographic brute force space just by being AES. It's also vulnerable to other attacks in fewer rounds implementations, but those attacks are not relevant because AES specifies 9 rounds at 128 bit and 14 at 256 bit. You can crack Rijindael 256-bit with 5 rounds, but that's not AES.

    --
    Support my political activism on Patreon.