An image from the patent called "Auto-escrowable and auto-certifiable cryptosystems." (credit: Auto-escrowable and auto-certifiable cryptosystems patent)

A Texas company is suing some of the biggest names in tech and retail, claiming their HTTPS websites infringe an encryption patent titled "Auto-Escrowable and Auto-Certifiable Cryptosystems." CryptoPeak Solutions has filed about six dozen cases in all, and they began hitting the patent-troll friendly venue of the Eastern District of Texas in July.

The patent's abstract describes the invention, granted in 2001:

A method is provided for an escrow cryptosystem that is overhead-free, does not require a cryptographic tamper-proof hardware implementation (i.e., can be done in software), is publicly verifiable, and cannot be used subliminally to enable a shadow public key system. A shadow public key system is an unescrowed public key system that is publicly displayed in a covert fashion. The keys generated by the method are auto-recoverable and auto-certifiable (abbrev. ARC). The ARC Cryptosystem is based on a key generation mechanism that outputs a public/private key pair and a certificate of proof that the key was generated according to the algorithm. Each generated public/private key pair can be verified efficiently to be escrowed properly by anyone. The verification procedure does not use the private key. Hence, the general public has an efficient way of making sure that any given individual's private key is escrowed properly, and the trusted authorities will be able to access the private key if needed. Since the verification can be performed by anyone, there is no need for a special trusted entity, known in the art as a “trusted third party”. The cryptosystem is overhead free since there is no additional protocol interaction between the user who generates his or her own key, and the certification authority or the escrow authorities, in comparison to what is required to submit the public key itself in regular certified public key systems. Furthermore, the system is designed so that its internals can be made publicly scrutinizable (e.g., it can be distributed in source code form). This differs from many schemes which require that the escrowing device be tamper-proof hardware.

The latest batch of cases was lodged November 25. The cases name AT&T, Costco, Expedia, GoPro, Groupon, Netflix, Pinterest, Shutterfly, Starwood Hotels, Target, and Yahoo, among others. All the lawsuits include virtually identical language.

Read 4 remaining paragraphs | Comments