[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Full Text of Phoenix letter

    To: IETF IP Storage Working Group
    Subject: Phoenix Patents and RFC 2945 
    February 6, 2002
    Dear working group members,
    Regarding the inquiry by working group co-chair David Black into the nature
    of U.S. patent 6,226,383 and its relation to SRP and RFC 2945, this letter
    presents a status update on Phoenix's plans to provide an appropriate
    response for the working group.  This letter also presents a general summary
    of our licensing practices and products in the field of password-based
    cryptography, which I hope will assist you in the planning process.
    Phoenix owns patent 6,226,383 which describes the SPEKE methods for
    zero-knowledge password authentication.  An investigation into exactly how
    this patent relates to RFC 2945 is now underway within the company.  While
    providing guarantees and assurances for use of technology developed by other
    organizations has not been a traditional priority for Phoenix, there is now
    recognition of the need for this working group and others to have clarity in
    this matter, and a position statement will be provided very soon.
    Phoenix Technologies, in part through the acquisition of Integrity Sciences,
    has developed the SPEKE family of zero-knowledge password methods, providing
    both licenses and implementations.  These protocols have been cited and
    studied in numerous research papers over the past several years.  In
    particular, the BSPEKE protocol can provide a plug-and-play upgrade for SRP.
    An Internet Draft discussing these issues is also being prepared.  These
    methods are comparable to the best of any similar methods, and they are
    easily shown to be unencumbered by the other patents in this field.
    It would seem a shame for a new standards effort to avoid zero-knowledge
    password techniques as a purely cost-savings measure, given the choices
    available.  The need for convenient, strong, and inexpensive security
    built-in to the infrastructure of Internet applications is as great today as
    ever.  The SPEKE techniques represent a generational improvement in personal
    authentication, providing strong security with minimal effort.  These
    methods provide the best choices in this field, with the cleanest
    implementations, optimal security, best alignment with standards, and
    easiest license agreements for commercial deployment of zero-knowledge
    password techniques.
    A statement regarding licensing of the SPEKE patent in the context of the
    IEEE 1363 standard is on file with the IEEE, and Phoenix is also committed
    to providing an updated statement in this same time frame that conforms to
    both IEEE and IETF policies assuring reasonable and non-discriminatory
    terms.  But more importantly, as a leading provider to the PC industry,
    Phoenix will stand behind its technology.  Phoenix has a 20-year history of
    broadly licensing products to this industry, and has helped to pioneer many
    widely used standards and technologies that are built-in to the systems that
    we all take for granted.  Our history of cooperation with many of the
    leading companies in the industry makes Phoenix naturally suited to gently
    encouraging the adoption of this new class of strong and convenient security
    David Jablon
    CTO, Phoenix Technologies


Last updated: Tue Feb 12 16:18:08 2002
8732 messages in chronological order