A number of companies, including AT&T, Netflix and Yahoo, are being sued because their websites are said to use a version of HTTPS that infringes a patent relating to encryption.
The Register reports that Texas-based company CryptoPeak Solutions is in possession of a patent which describes a series of “auto-escrowable and auto-certifiable cryptosystems.” While the details get pretty technical, the gist of the company’s claim is simple: it reckons that websites which use elliptic curve cryptography to create secure HTTPS connections violate its patent.
Turns out, lots of companies use elliptic curve cryptography to create secure HTTPS connections on their websites.
CryptoPeak has been busy developing legal cases since July, according to The Register. So far, it’s levelled its sights at companies including AT&T, Pinterest, Netflix, Yahoo, Hyatt Hotels, Best Western, and Experia—in total, it’s pursuing 66 different organizations.
It’s unclear if the cases will be successful or not. The patent certainly describes some of the key tenets of elliptic curve cryptography, including generating and publishing public keys, but it’s not obvious that it corresponds directly to its implementation in HTTPS connections. CryptoPeak doesn’t seem to have much of an online presence, and The Register goes as far as writing that ‘[s]ome people might even call it a “patent troll.”’
Netflix has already filed a motion for dismissal of the case, “because all the claims asserted by CryptoPeak are invalid.” It remains to be seen who will win out.
Image by Yuri Samoilov under Creative Commons license