From: Robert W. Shirey (6/15/93) To: infsecur@mitre.org, pem-dev@tis.com Mail*Link¨ SMTP NIST and PKP agree re DSA l Received: by iegate.mitre.org with SMTP;15 Jun 1993 08:48:22 U Received: from mwunix.mitre.org by mbunix.mitre.org (911016.SGI/4.7) id AA26270; Tue, 15 Jun 93 08:42:41 -0400 Return-Path: Received: by mwunix.mitre.org (5.65c/SMI-2.2) id AA13719; Tue, 15 Jun 1993 08:41:01 -0400 Received: from smiley.mitre.org.sit (smiley.mitre.org) by mwunix.mitre.org (5.65c/SMI-2.2) id AA13654; Tue, 15 Jun 1993 08:40:48 -0400 Organization: The MITRE Corp. Received: from [128.29.140.100] (shirey-mac.mitre.org) by smiley.mitre.org.sit (4.1/SMI-4.1) id AA26216; Tue, 15 Jun 93 08:39:21 EDT Message-Id: <9306151239.AA26216@smiley.mitre.org.sit> Date: Tue, 15 Jun 1993 08:41:37 -0500 To: infsecur@mitre.org, pem-dev@tis.com From: shirey@mitre.org (Robert W. Shirey) X-Sender: shirey@128.29.140.20 Subject: NIST and PKP agree re DSA license X-Mdf: fnc re-routed to "fnc@mbunix.mitre.org" Path: linus.mitre.org!linus!agate!howland.reston.ans.net!math.ohio-state.edu!sdd ..hp.com!elroy.jpl.nasa.gov!usc!rand.org!jim From: jim@rand.org (Jim Gillogly) Newsgroups: sci.crypt Subject: DSA: NIST and PKP come to terms Message-ID: <16860@rand.org> Date: 11 Jun 93 20:56:44 GMT Sender: news@rand.org Organization: Banzai Institute Lines: 153 Nntp-Posting-Host: mycroft.rand.org This text was transcribed from a fax and may have transcription errors. We believe the text to be correct but some of the numbers may be incorrect or incomplete. --------------------------------------------------------------------- ** The following notice was published in the Federal Register, Vol. 58, No. 108, dated June 8, 1993 under Notices ** National Institute of Standards and Technology Notice of Proposal for Grant of Exclusive Patent License This is to notify the public that the National Institute of Standards and Technology (NIST) intends to grant an exclusive world-wide license to Public Key Partners of Sunnyvale, California to practice the Invention embodied in U.S. Patent Application No. 07/738.431 and entitled "Digital Signature Algorithm." A PCT application has been filed. The rights in the invention have been assigned to the United States of America. The prospective license is a cross-license which would resolve a patent dispute with Public Key Partners and includes the right to sublicense. Notice of availability of this invention for licensing was waived because it was determined that expeditious granting of such license will best serve the interest of the Federal Government and the public. Public Key Partners has provided NIST with the materials contained in Appendix A as part of their proposal to NIST. Inquiries, comments, and other materials relating to the prospec- tive license shall be submitted to Michael R. Rubin, Active Chief Counsel for Technology, Room A-1111, Administration Building, National Institute of Standards and Technology, Gaithersburg, Maryland 20899. His telephone number is (301) 975-2803. Applica- tions for a license filed in response to this notice will be treated as objections to the grant of the prospective license. Only written comments and/or applications for a license which are received by NIST within sixty (60) days for the publication of this notice will be considered. The prospective license will be granted unless, within sixty (60) days of this notice, NIST receives written evidence and argument which established that the grant of the license would not be consistent with the requirements of 35 U.S.C. 209 and 37 CFR 404.7. Dated: June 2, 1993. Raymond G. Kammer Acting Director, National Institute Standards and Technology. Appendix "A" The National Institute for Standards and Technology ("NIST") has announced its intention to grant Public Key Partners ("PKP") sublicensing rights to NIST's pending patent application on the Digital Signature Algorithm ("DSA"). Subject to NIST's grant of this license, PKP is pleased to declare its support for the proposed Federal Information Processing Standard for Digital Signatures (the "DSS") and the pending availability of licenses to practice the DSA. In addition to the DSA, licenses to practice digital signatures will be offered by PKP under the following patents: Cryptographic Apparatus and Method ("Diffie-Hellman") No. 4,200,770 Public Key Cryptographic Apparatus and Method ("Hellman-Merkle") No. 4,315,552 Exponential Cryptographic Apparatus and Method ("Hellman-Pohlig") No. 4,434,414 Method For Identifying Subscribers And For Generating And Verifying Electronic Signatures In A Data Exchange System ("Schnorr") No. 4,995,082 It is PKP's intent to make practice of the DSA royalty free for personal, noncommercial and U.S. Federal, state and local government use. As explained below, only those parties who enjoy commercial benefit from making or selling products, or certifying digital signatures, will be required to pay royalties to practice the DSA. PKP will also grant a license to practice key management, at no additional fee, for the integrated circuits which will implement both the DSA and the anticipated Federal Information Processing Standard for the "key escrow" system announced by President Clinton on April 16, 1993. Having stated these intentions, PKP now takes this opportunity to publish its guidelines for granting uniform licenses to all parties having a commercial interest in practicing this technology: First, no party will be denied a license for any reason other that the following: (i) Failure to meet its payment obligations, (ii) Outstanding claims of infringement, or (iii) Previous termination due to material breach. Second, licenses will be granted for any embodiment sold by the licensee or made for its use, whether for final products software, or components such as integrated circuits and boards, and regard- less of the licensee's channel of distribution. Provided the requisite royalties have been paid by the seller on the enabling component(s), no further royalties will be owned by the buyer for making or selling the final product which incorporates such components. Third, the practice of digital signatures in accordance with the DSS may be licensed separately from any other technical art covered by PKP's patents. Fourth, PKP's royalty rates for the right to make or sell products, subject to uniform minimum fees, will be no more than 2 1/2% for hardware products and 5% for software, with the royalty rate further declining to 1% on any portion of the product price exceeding $1,000. These royalty rates apply only to noninfringing parties and will be uniform without regard to whether the licensed product creates digital signatures, verifies digital signatures or performs both. Fifth, for the next three (3) years, all commercial services which certify a signature's authenticity for a fee may be operated royalty free. Thereafter, all providers of such commercial certification services shall pay a royalty to PKP of $1.00 per certificate for each year the certificate is valid. Sixth, provided the foregoing royalties are paid on such products or services, all other practice of the DSA shall be royalty free. Seventh, PKP invites all of its existing licensees, at their option, to exchange their current licenses for the standard license offered for DSA. Finally, PKP will mediate the concerns of any party regarding the availability of PKP's licenses for the DSA with designated representatives of NIST and PKP. For copies of PKP's license terms, contact Michael R. Rubin, Acting Chief Counsel for Technolo- gy, NIST, or Public Key Partners. Dated: June 2, 1993. Robert B. Fougner, Esq., Director of Licensing, Public Key Partners, 310 North Mary Avenue, Sunnyvale, CA 94033 [FR Doc. 93-13473 Filed 8-7-93; 8:45 am] --------------------------------------------------------------------- Forwarded by: -- Jim Gillogly Trewesday, 21 Forelithe S.R. 1993, 20:56 --------------------------------------------------------------------------- Path: linus.mitre.org!linus!agate!usenet.ins.cwru.edu!magnus.acs.ohio-state.edu! math.ohio-state.edu!usc!elroy.jpl.nasa.gov!nntp-server.caltech.edu!hal From: hal@cco.caltech.edu (Hal Finney) Newsgroups: sci.crypt Subject: Re: DSA: NIST and PKP come to terms Date: 12 Jun 1993 05:06:51 GMT Organization: California Institute of Technology, Pasadena Lines: 59 Message-ID: <1vbo9bINN1n0@gap.caltech.edu> References: <16860@rand.org> NNTP-Posting-Host: alumni.caltech.edu jim@rand.org (Jim Gillogly) forwards: >This is to notify the public that the National Institute of >Standards and Technology (NIST) intends to grant an exclusive >world-wide license to Public Key Partners of Sunnyvale, California >to practice the Invention embodied in U.S. Patent Application No. >07/738.431 and entitled "Digital Signature Algorithm." And so it appears that another patent jewel will be added to the crown worn by PKP, the de facto owner of cryptographic technology in the United States. They will have an exclusive license to the DSA, as they already do to RSA and most other worthwhile encryption technologies. This also appears to put to rest the much-publicized feud between RSA and NIST/NSA. Conspiracy theorists can now comfortably return to the position that PKP/RSADSI is actually an arm of the NSA, dedicated to restricting and delaying access to strong cryptography as much as possible. >Notice of availability of this invention for licensing >was waived because it was determined that expeditious granting of >such license will best serve the interest of the Federal Government >and the public. Once again we are presented with a fait accompli; no other organizations were given an opportunity to bid for the licensing of this patent. The government prefers to see PKP holding the keys to all cryptography in the U.S. Remember how Clipper's technology was similarly assigned to particular corporations on a non-competitive basis? >Subject to NIST's grant of this license, PKP is pleased to declare >its support for the proposed Federal Information Processing >Standard for Digital Signatures (the "DSS") and the pending >availability of licenses to practice the DSA. And what of the technical objections to DSA/DSS raised in earlier documents by officials of RSADSI, such as in the recent CACM? No doubt those objections are now moot. >PKP will also grant a license to practice key management, at no >additional fee, for the integrated circuits which will implement >both the DSA and the anticipated Federal Information Processing >Standard for the "key escrow" system announced by President Clinton >on April 16, 1993. So PKP is now supporting key escrow and Clipper. Can anyone seriously argue that this company is a friend to supporters of strong cryptography? These are dark times indeed. PKP has thrown in with the government, getting behind DSS and Clipper in exchange for exclusive licensing rights. Their ownership of DH and RSA will make it that much harder for any competition to Clipper to arise. If the 60-day comment period really means anything, perhaps public criticism can be effective here. There is much to be concerned about in this announcement. Hal Finney hal@alumni.caltech.edu --------------------------------------------------------------------------- Newsgroups: sci.crypt Path: linus.mitre.org!linus!enterpoop.mit.edu!gatech!howland.reston.ans.net!xlin k.net!math.fu-berlin.de!news.netmbx.de!Germany.EU.net!mcsun!news.funet.fi!funic! nntp.hut.fi!kampi.hut.fi!alo From: alo@kampi.hut.fi (Antti Louko) Subject: Re: DSA: NIST and PKP come to terms Message-ID: <1993Jun12.132118.3438@nntp.hut.fi> Sender: usenet@nntp.hut.fi (Usenet pseudouser id) Nntp-Posting-Host: kampi.hut.fi Organization: Helsinki University of Technology References: <16860@rand.org> <1vbo9bINN1n0@gap.caltech.edu> Date: Sat, 12 Jun 1993 13:21:18 GMT Lines: 17 In article <1vbo9bINN1n0@gap.caltech.edu> hal@cco.caltech.edu (Hal Finney) writes: ..jim@rand.org (Jim Gillogly) forwards: .. ..>This is to notify the public that the National Institute of ..>Standards and Technology (NIST) intends to grant an exclusive ..>world-wide license to Public Key Partners of Sunnyvale, California ..>to practice the Invention embodied in U.S. Patent Application No. ..>07/738.431 and entitled "Digital Signature Algorithm." .. ..And so it appears that another patent jewel will be added to the crown ..worn by PKP, the de facto owner of cryptographic technology in the United ..States. They will have an exclusive license to the DSA, as they already ..do to RSA and most other worthwhile encryption technologies. I think this is quite rational act from PKP. Their RSA patent will expire in January 2001. If they promote DSA and everyone starts using it, they still exist after that time. --------------------------------------------------------------------------- Newsgroups: sci.crypt Path: linus.mitre.org!linus!enterpoop.mit.edu!gatech!darwin.sura.net!sgiblab!new s.cs.indiana.edu!mvanheyn@cs.indiana.edu From: Marc VanHeyningen Subject: Re: DSA: NIST and PKP come to terms Message-ID: <8514.739897035@moose.cs.indiana.edu> Sender: mvanheyn@cs.indiana.edu Organization: Computer Science Dept, Indiana University References: <16860@rand.org> Date: Sat, 12 Jun 1993 09:57:15 -0500 Lines: 103 Thus said jim@rand.org (Jim Gillogly): >This is to notify the public that the National Institute of >Standards and Technology (NIST) intends to grant an exclusive >world-wide license to Public Key Partners of Sunnyvale, California >to practice the Invention embodied in U.S. Patent Application No. >07/738.431 and entitled "Digital Signature Algorithm." A PCT >application has been filed. The rights in the invention have been >assigned to the United States of America. Hmmm... and here I thought a significant part of the idea behind creating a DSS was to make a standard unencumbered by patents. I could see granting PKP royalties until such time as the patents which it claims cover the DSA expire, but filing a new patent is something else entirely... >The prospective license is a cross-license which would resolve a >patent dispute with Public Key Partners and includes the right to >sublicense. Notice of availability of this invention for licensing >was waived because it was determined that expeditious granting of >such license will best serve the interest of the Federal Government >and the public. Public Key Partners has provided NIST with the >materials contained in Appendix A as part of their proposal to >NIST. Don't you love sentences that a totally devoid of meaningful content? Particularly ones that are in the passive voice. "This was waived because someone (we don't say who) decided (we don't say why) it was best." >The National Institute for Standards and Technology ("NIST") has >announced its intention to grant Public Key Partners ("PKP") >sublicensing rights to NIST's pending patent application on the >Digital Signature Algorithm ("DSA"). Note that they say "sublicensing rights", not "exclusive sublicensing rights" which would be more conventional. Not sure what, if anything, this means. >Subject to NIST's grant of this license, PKP is pleased to declare >its support for the proposed Federal Information Processing >Standard for Digital Signatures (the "DSS") and the pending >availability of licenses to practice the DSA. In addition to the Does this mean RSADSI's technical objections are now just so much fluff? >DSA, licenses to practice digital signatures will be offered by PKP >under the following patents: > > Cryptographic Apparatus and Method ("Diffie-Hellman") > No. 4,200,770 > Public Key Cryptographic Apparatus and Method > ("Hellman-Merkle") No. 4,315,552 ^^^^^^^^^ 4,218,582 > Exponential Cryptographic Apparatus and Method > ("Hellman-Pohlig") No. 4,434,414 ^^^^^^^^^ 4,424,414 > Method For Identifying Subscribers And For Generating > And Verifying Electronic Signatures In A Data Exchange > System ("Schnorr") No. 4,995,082 Note that patent No. 4,405,829 ("RSA") is not in the above list. Interesting. If licensing of DSA et al is to be separate from licensing of RSA, it becomes in PKP's interest to encourage DSA over RSA (through pricing and the like) since those patents last longer, regardless of the technical merits of each method. >It is PKP's intent to make practice of the DSA royalty free for >personal, noncommercial and U.S. Federal, state and local >government use. As explained below, only those parties who enjoy >commercial benefit from making or selling products, or certifying >digital signatures, will be required to pay royalties to practice >the DSA. It isn't clear here whether that means anybody will be allowed to make a "Pretty Good Authentication" package for noncommercial use or whether some kind of "DSAREF" package will be made available by RSADSI and only it will be licensed. At least DSA shouldn't be hampered by export restrictions... >Third, the practice of digital signatures in accordance with the >DSS may be licensed separately from any other technical art covered >by PKP's patents. Yup; DSA may be licensed separately and thus can be encouraged over other mechanisms. >Fourth, PKP's royalty rates for the right to make or sell products, >subject to uniform minimum fees, will be no more than 2 1/2% for >hardware products and 5% for software, with the royalty rate >further declining to 1% on any portion of the product price >exceeding $1,000. These royalty rates apply only to noninfringing >parties and will be uniform without regard to whether the licensed >product creates digital signatures, verifies digital signatures or >performs both. Curious. I would have expected verifying signatures to be available more cheaply (or free) to encourage availability. -- Marc VanHeyningen mvanheyn@cs.indiana.edu MIME & RIPEM accepted Is there any such thing as wisdom not applied to life? - Thoreau on neat AI --------------------------------------------------------------------------- ======================================================================