A number of companies, including GoPro, Sony and Yahoo, are being sued because their websites are said to use a version of HTTPS that infringes a patent relating to encryption.
The Register reports that Texas-based company CryptoPeak Solutions is in possession of a patent which describes a series of “auto-escrowable and auto-certifiable cryptosystems”. While the details gets pretty technical, the gist of the company’s claim is simple: it reckons that websites which use elliptic curve cryptography to create secure HTTPS connections violate its patent.
Turns out, lots of companies use elliptic curve cryptography to create secure HTTPS connections on their websites.
CryptoPeak has been busy developing legal cases since July, according to The Register. So far, it’s levelled its sites at companies including Pinterest, Netflix, Sony Yahoo, Best Western, and Experia; in total, it’s pursuing 66 different organisations.
It’s unclear if the cases will be successful or not. The patent certainly describes some of the key tenets of elliptic curve cryptography, including generating and publishing public keys, but it’s not obvious that it corresponds directly to its implementation in HTTPS connections. CryptoPeak doesn’t seem to have much of an online presence, and The Register goes as far as writing that "[s]ome people might even call it a 'patent troll'".
Image by Yuri Samoilov under Creative Commons license