MQV and other ECC patent examples from the software company Certicom have been licensed by the National Security Agency (NSA) in a deal valued at $25 million.

Elliptic curve cryptography (ECC), a type of cryptography used to secure information online, is useful in a variety of applications:

  • The United States government uses it to protect its internal communications.
  • The Tor Project is using it to help guarantee anonymity.
  • It is used to verify who owns bitcoins.
  • Apple's iMessage service uses ECC to provide signatures.
  • It's used to make sure web browsing is secure.
  • It's used for DNSCurve.

However, this technology has not been accepted universally. There is uncertainty about patent-related issues surrounding ECC. For example, an ECC patch was submitted to the OpenSSL team in 2002 but was only accepted in 2005.

In May 2007, Certicom filed a lawsuit against Sony claiming Sony had violated Certicom's patents with regard to the specific method of cryptography used. Later, in 2009, the court dismissed the lawsuit.

CryptoPeak Solutions LLC is suing more than 70 major companies that have allegedly infringed on U.S. patent laws related to cryptosystems. CryptoPeak Solutions LLC claims that any website delivering secure HTTP content with ECC digital certificates is in violation of its patent. However, a variety of legal and technical experts have labeled this action “patent trolling.”

Increasing Reliance on Encryption

Since Edward Snowden brought government-run global surveillance programs to light, encryption has become increasingly more important. Today, online services and technology companies are using encryption to:

  • Protect data sent by a user to a domain.
  • Protect data received by a user from a domain.
  • Reduce the danger of hacking.

An increasing number of websites are using ECC to provide their users with adequate security protocols. This is an important component of online privacy. While RSA, Diffie-Hellman, and other first-generation cryptographic algorithms are still the most commonly used, ECC is becoming increasingly popular for security and privacy online.

There are many benefits to using ECC. It saves power, computational resources, and time, both for the browser and the server. This helps make the internet both more secure and faster. However, there are challenges related to elliptic curves. A number of uncertainties and questions have prevented companies from accepting them completely. For example, an algorithm that has made news recently is the Dual Elliptic Curve Deterministic Random Bit Generator.

The National Institute of Standards and Technology has standardized this number generator, which is also backed by the NSA. Using elliptic curves, it generates numbers that appear to be random. The algorithm operates by carrying out a “dot” operation on an elliptic curve repeatedly. Reports later revealed that the algorithm might have been designed with a way for somebody who had the correct secret number to fully predict the final sequence generated.

These days, cynical cryptographers around the world generally distrust the National Institute of Standards and Technology, as well as all the standards it has produced. This includes almost every widely implemented elliptic curve. While no attacks on curves like this have been documented, the fact remains that bad curves exist. This is despite the fact that the curves are chosen based on the efficiency of their arithmetic. Many experts prefer to err on the side of greater caution.

Certicom is the world's supreme authority on encryption security, thanks to its history as an ECC trailblazer. Certicom was bought out by BlackBerry in 2009 and has a monopoly over a multitude of protocols for patented encryption. This means BlackBerry now has a great advantage in its auto business, seeing as cars require encryption. Thanks to Certicom's ongoing expansion of potential customers, BlackBerry also has a fantastic opportunity.

RSA Laboratories has noted that it is not the representation or prime that is patented, but rather the implementation technique. There are ways around the patents, thanks to the existence of alternative means of implementation.

If you need help with an ECC patent, you can post your legal need on UpCounsel's marketplace. UpCounsel accepts only the top 5 percent of lawyers to its site. Lawyers on UpCounsel come from law schools such as Harvard Law and Yale Law and average 14 years of legal experience, including work with companies like Google, Menlo Ventures and Airbnb.