PATENT
|
|
U.S. Patent 4,405,829 was awarded to the Massachusetts Institute of
Technology on September 20, 1983 for its "Cryptographic communications
system and method." The three inventors, which the patent is named after,
are Ronald Rivest, Adi Shamir, and Leonard Adleman. The patent expires 17
years from the date it was issued, Sept 21, 2000.
The RSA cryptosystem, as described in the patent, is a public-key cryptosystem that offers both encryption and digital signatures. The cryptosystem is able to encrypt and create digital signatures by taking advantage of the fact that factoring is a "hard" mathematical problem. Factoring is actually one of three commonly used "hard problems" for cryptography; the other two are the discrete logarithm problem and elliptic curves. The RSA cryptosystem has been incorporated into popular products such as Secure Socket Layer (SSL) and Secure Shell (SSH) as well as numerous other commercial products.
|
RSA Security, Inc. |
ISSUES
|
|
RSA to date is primarily used for
exchanging cryptographic keys in order to authenticate parties involved in
secure or unsecured transactions. Although RSA can be used for encryption,
RSA turns out to be much slower that other popular versions of encryption
methods such as DES. However, RSA is usually used in combination with
these technologies to create secure channels of communication.
RSA Security and the Massachusetts Institute of Technology have been very lenient in the licensing of the RSA algorithm especially towards use in non-commercial sectors. However, despite RSA's benevolence disputes over the RSA patent have come forth. The original publication of the RSA Public Key algorithm appeared in 1976, less than a year before the filing of the patent. By the time that the patent was issued to RSA and MIT in 1983, most software developers had considered the RSA algorithm to be prior art and started development of cryptographic systems employing the algorithm. Trifling over the RSA's patent was highlighted during 1997 after Philip Zimmerman developed Pretty Good Privacy in the early '90s. PGP is a fast encryption method initially used for authenticating users by using RSA keys. Legally RSA was clearly in the right, but PGP despite its merits had to use RSA primarily for RSA's stronghold on industry. RSA Securities and the PGP group struggled for several months and concluded with RSA maybe incorporated for non-commercial use of PGP.
|
PGP |
OUTCOME
|
|
After receiving the patent for its Public-Key cryptosystem in 1983, RSA
along with MIT started enforcing its claim to the patent. Commercial
developers at the time had no choice but to comply with RSA's demands
since no other public domain alternatives were available.
Since 1983, RSA has grown to be the industry standard for Public-Key cryptography. RSA has faced very little competition in the Public-Key cryptography business. However, in recent years Cylink has emerged as RSA's largest competitor. Cylink shared the Diffie-Hellman patent with Stanford. The Diffie-Hellman algorithm was the first Public-Key cryptosystem developed by Diffie and Hellman while at Stanford in 1976. Stanford held the patent for the Diffie-Hellman algorithm until 1997 at which point it became public domain. Since the patent for Diffie-Hellman expired, viable alternatives to RSA have been emerging. PGP was able to remove its dependence on RSA by using a combination of Diffie-Hellman and Cylink's DSS standard. The RSA patent on Public-Key cryptosystems will expire on September 21, 2000. RSA may then be used for commercial and non-commercial use for free.
|
Alternatives to RSA |
ANALYSIS
|
|
The RSA patent over the last 17 has brought RSA Security great amount of
success as well as provided industry with a standard for a secure
Public-Key cryptosystem. As a result a lot of research, development, and
verification has gone into RSA.
The flip side to RSA becoming an industry standard is that it became difficult for software developers to deploy cryptographic software without paying large licensing fees to RSA Security. Philip Zimmerman's PGP success as a method for authenticating emails was heavily depended on RSA. Had RSA not allowed for free non-commercial use of RSA, PGP would probably not been a viable encryption method until 1997 when the Diffie-Hellman patent expired.
|
Last modified: Mon Jun 5 01:05:48 PDT 2000 |