Texas-based TQP Development is suing technology companies including Intel and Yelp for patent infringement for their use of SSL and transport layer security protocols, according to a report by Ars Technica on Wednesday.
TQP Development alleges the technology infringes on its patent, US Patent No. 5,412,730, which is titled “Encrypted data transmission system employing means for randomly altering the encryption keys.”
Filed in 1995, the patent covers the use of the RC4 encryption algorithm in combination with either the secure sockets layer or transport layer security encryption protocol. The technique is used across many sites on the Internet to encrypt data traveling between them and end users, and TQP has sued hundreds of companies, accusing them of patent infringement, since 2008.
If it is successful in more patent infringement cases, it could have broader implications on web encryption security since Ars Technica says companies have used RC4 encryption because it is immune to an attack that can silently decrypt encrypted data that’s passing between a web server and end-user browser.
TQP has filed patent infringement complaints against Apple and TD Ameritrade. According to Texas Lawyer, other companies targeted by SSL encryption patent suit in October include Mattel and MovieTickets.com.
“For example, when Mattel and/or Mattel’s customers connect to Mattel’s website, a communication link is established between host servers and the client computer,” the patent infringement complaint asserts. “Data transmitted over this communication link comprises a sequence of blocks, and is transmitted as packets in a sequence over the communication link. Certain data transmissions (both from the client computer to the host server, and from the host server to the client computer) are encrypted according to the claimed method.”
Since TQP Development looks to assert its patent on a widely used technology is a patent troll. It is in contrast with many of the other moves to make SSL and transport layer security protocols more secure through collaborative initiatives such as the Trust Assertions for Certificate Keys extension that would allow browsers to detect and block fraudulent SSL certificates.
This use of patents is what many feel is wrong with the patent system as it stands in the US.
In September, software developer PersonalWeb filed a patent complaint against cloud hosting provider Rackspace for the technology used at Rackspace client GitHub.
Talk back: Do you think companies should be able to file patent infringement complaints with such broad reaching security implications? Do you think there is an issue with patent trolls in the technology space? Let us know in a comment.