Security startup sues Microsoft for patent infringement
Posted on Feb 16, 2007 04:00PM
A Scotts Valley, Calif.-based startup is taking on Microsoft, accusing the software giant of misusing its intellectual property for secure communication over the Internet.
VirnetX filed suit against Microsoft in U.S. District Court for the Northern District of California over two communications patents. One is a 2002 patent that VirnetX received for its “Agile network protocol” for secure communications and assured system availability. The second, issued in 2005, covers secure communication over the Internet without the user entering any cryptographic information.
While the suit may be interesting to software security companies, the legal papers provide a rare glimpse into the security options that are available to software makers and the potential risks involved in each.
The suit says that there are numerous solutions available, depending upon whether the goal is to prevent eavesdropping or to prevent anyone from finding out there is communication under way in the first place between two computers. “Anonymity would…be an issue, for example, for companies that want to keep their market research interests private and thus would prefer outsiders from knowing which web sites or other Internet resources they are visiting,” the legal papers say, noting that data security is usually addressed by using encryption at both the originating and terminating terminals.
The papers note that traffic can be hidden from a local administrator or ISP by using a local proxy server that communicates over an encrypted channel. But that relies on a trusted outside proxy server, whose traffic can still be analyzed. To defeat that analysis, a scheme called “Chaum’s mixes” uses a proxy server that transmits and receives fixed-length messages, including dummy messages, from multiple servers. But even the mixing server can be compromised, so that risk has to be spread out among multiple mixes.
Another anonymity technique, according to the papers, is called “crowds.” The identity of the originating terminal is one of a number of terminals, and the message can be sent from any one of them.
A third solution is zero-knowledge systems, which allow users to select up to five different pseudonyms. Pseudonyms are wrapped around encrypted messages; at each “hop” one layer of encryption is stripped off and a new one is added, and at the final server the message is decrypted with an untraceable IP address—a method called “onion routing.”
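The layered wrapping described above, shown as an added example that is not from the article or the legal papers: a sender encrypts the message once per hop, and each hop can remove only its own layer, learning just the next address. The hop names and keys are assumptions, and the XOR keystream is a constructed toy cipher standing in for real authenticated encryption.

```python
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (constructed for this example, not a real cipher):
    XOR data with a SHA-256 counter keystream. Symmetric, so the same call
    both encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        chunk = data[i:i + 32]
        out.extend(b ^ k for b, k in zip(chunk, block))
    return bytes(out)

def build_onion(route: list, keys: dict, message: bytes) -> bytes:
    """Wrap the message in one layer per hop, innermost layer for the last hop.
    Each layer is encrypted under that hop's key and names only the next hop."""
    onion = message
    next_hop = None  # the last hop has no successor: it holds the plaintext
    for hop in reversed(route):
        layer = json.dumps({"next": next_hop, "payload": onion.hex()}).encode()
        onion = keystream_xor(keys[hop], layer)
        next_hop = hop
    return onion

def peel_layer(hop: str, keys: dict, onion: bytes):
    """A hop strips exactly one layer: it learns the next hop and forwards
    the still-encrypted remainder, never the sender's plaintext."""
    layer = json.loads(keystream_xor(keys[hop], onion))
    return layer["next"], bytes.fromhex(layer["payload"])

def route_message(route: list, keys: dict, message: bytes):
    """Drive the onion along the route and record, per hop, which address it
    learned and whether the bytes it forwarded were the plaintext."""
    onion = build_onion(route, keys, message)
    seen = []
    hop = route[0]
    while hop is not None:
        nxt, onion = peel_layer(hop, keys, onion)
        seen.append((hop, nxt, onion == message))
        hop = nxt
    return onion, seen
```

Only the final hop ends up with the plaintext; every earlier hop sees an opaque blob plus one address, which is the property the pseudonym layers are built to give.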
A fourth solution is the firewall, but the legal papers say that firewalls provide a false sense of security because they can be compromised by virtual machine applications, otherwise referred to as applets.
The Tunnel Agile Routing Protocol, which is the technology in dispute, uses a two-layer encryption format and special routers with one or more IP addresses. The message is hidden behind an inner layer of encryption in the protocol packet, but the key to that encryption isn’t available to any of the intervening routers—something that is made even more secure by the addition of dummy data to the traffic flow.