From: Wolfgang Ehrhardt on
Dear group,

During a background info search for the implementation of the HOTP
algorithm from RFC 4226 "HOTP: An HMAC-Based One-Time Password
Algorithm" I stumbled upon the document
<http://www.faqs.org/patents/app/20090313687> with the headlines:

"Patent application title: One time password"
"Inventors: Nicolas Popp David M'Raihi Loren Hart"
"Origin: SAN FRANCISCO, CA US"
"Patent application number: 20090313687"

Since I am no lawyer I do not know whether this patent is valid only
in the US or does it apply in the free world too?

In the document (from 2009?) the RFC from 2005 is not mentioned or
referenced although one person (D. M'Raihi) is listed as author in the
RFC and inventor in the patent document.

Maybe some sci.crypt reader with more understanding of patents can
give advice on whether it makes sense to implement the HOTP algorithm
in an open source library.

Any help appreciated

Wolfgang
From: Greg Rose on
In article <4ba107f7.303659(a)news.individual.net>,
Wolfgang Ehrhardt <WE(a)completely.invalid> wrote:
>Dear group,
>
>During a background info search for the implementation of the HOTP
>algorithm from RFC 4226 "HOTP: An HMAC-Based One-Time Password
>Algorithm" I stumbled upon the document
><http://www.faqs.org/patents/app/20090313687> with the headlines:
>
>"Patent application title: One time password"
>"Inventors: Nicolas Popp David M'Raihi Loren Hart"
>"Origin: SAN FRANCISCO, CA US"
>"Patent application number: 20090313687"
>
>Since I am no lawyer I do not know whether this patent is valid only
>in the US or does it apply in the free world too?

Well, it isn't a patent yet, just an application.
If it does become a patent, it would be valid only
in the US. But there are many treaties in place
that allow a patent in one country to get advanced
status in other countries, so they might also get
it patented in the EU for example.

>In the document (from 2009?) the RFC from 2005 is not mentioned or
>referenced although one person (D. M'Raihi) is listed as author in the
>RFC and inventor in the patent document.

I looked up the detail and it has a "novelty date"
(that is, the date they claim it was invented) of
2004-10-15. It also has "Related Applications",
meaning other countries where the patent process
is also active. My guess without digging further
is that they initially applied somewhere else, and
have now applied in the US based on that other
application.

>Maybe some sci.crypt reader with more understanding of patents can
>give advice on whether it makes sense to implement the HOTP algorithm
>in an open source library.

That's a very difficult question, and I Am Not A
Lawyer, so you shouldn't take my advice, even if I
gave it, which I won't. :-)

Greg.
--
From: Greg Rose on
In article <hnrj2h$m8n$1(a)ihnp4.ucsd.edu>, Greg Rose <ggr(a)nope.ucsd.edu> wrote:
>In article <4ba107f7.303659(a)news.individual.net>,
>Wolfgang Ehrhardt <WE(a)completely.invalid> wrote:
>>Dear group,
>>
>>During a background info search for the implementation of the HOTP
>>algorithm from RFC 4226 "HOTP: An HMAC-Based One-Time Password
>>Algorithm" I stumbled upon the document
>><http://www.faqs.org/patents/app/20090313687> with the headlines:
>>
>>"Patent application title: One time password"
>>"Inventors: Nicolas Popp David M'Raihi Loren Hart"
>>"Origin: SAN FRANCISCO, CA US"
>>"Patent application number: 20090313687"
>>
>>Since I am no lawyer I do not know whether this patent is valid only
>>in the US or does it apply in the free world too?
>
>Well, it isn't a patent yet, just an application.
>If it does become a patent, it would be valid only
>in the US. But there are many treaties in place
>that allow a patent in one country to get advanced
>status in other countries, so they might also get
>it patented in the EU for example.
>
>>In the document (from 2009?) the RFC from 2005 is not mentioned or
>>referenced although one person (D. M'Raihi) is listed as author in the
>>RFC and inventor in the patent document.
>
>I looked up the detail and it has a "novelty date"
>(that is, the date they claim it was invented) of
>2004-10-15. It also has "Related Applications",
>meaning other countries where the patent process
>is also active. My guess without digging further
>is that they initially applied somewhere else, and
>have now applied in the US based on that other
>application.
>
>>Maybe some sci.crypt reader with more understanding of patents can
>>give advice on whether it makes sense to implement the HOTP algorithm
>>in an open source library.
>
>That's a very difficult question, and I Am Not A
>Lawyer, so you shouldn't take my advice, even if I
>gave it, which I won't. :-)
>
>Greg.
>--

I also just noticed that the summary says, among
other things, "The algorithm can be made freely
available to the developer community under the
terms and conditions of the Internet Engineering
Task Force (IETF.)" [sic]

If it was me implementing it for open source, I
would go ahead and use it. But that's still not
advice...

Greg.
--
From: Wolfgang Ehrhardt on
On Wed, 17 Mar 2010 22:07:38 +0000 (UTC), ggr(a)nope.ucsd.edu (Greg
Rose) wrote:

>>I looked up the detail and it has a "novelty date"
>>(that is, the date they claim it was invented) of
>>2004-10-15. It also has "Related Applications",
>>meaning other countries where the patent process
>>is also active. My guess without digging further
>>is that they initially applied somewhere else, and
>>have now applied in the US based on that other
>>application.
>>
...
>>That's a very difficult question, and I Am Not A
>>Lawyer, so you shouldn't take my advice, even if I
>>gave it, which I won't. :-)
...
>I also just noticed that the summary says, among
>other things, "The algorithm can be made freely
>available to the developer community under the
>terms and conditions of the Internet Engineering
>Task Force (IETF.)" [sic]
>
>If it was me implementing it for open source, I
>would go ahead and use it. But that's still not
>advice...

Greg,

thank you very much for your digging efforts and
the non-advice :)

Wolfgang