How broad is the SPEKE patent.

William Arbaugh waa at
Wed Nov 9 10:18:01 PST 2005

You may want to look at EAP-PAX. We tried to engineer around the  
patent land mines in the field when we designed it. This of course  
doesn't mean that someone won't claim it infringes on something.

We also have a proof (not yet published) of security in a random  
oracle model.

Best, Bill

p.s. EAP-PAX is work with my student T. Charles Clancy.

On Nov 9, 2005, at 10:54 AM, Steven M. Bellovin wrote:

> In message <43713115.4942.4A3995E at localhost>, "James A. Donald"  
> writes:
>>    --
>> Does SPEKE claim to patent any uses of zero knowledge
>> proof of possession of the password for mutual
>> authentication, or just some particular method for
>> establishing communications?   Is there any way around
>> the SPEKE patent for mutual authentication and
>> establishing secure communications on a weak passphrase?
> It certainly doesn't claim EKE, by myself and Michael Merritt,  
> since he
> and I invented the field.  Of course, EKE is also patented.
> SRP is patented but royalty-free.  Some of have claimed that it
> infringes the EKE patent; since I don't work for the EKE patent owner
> (Lucent), I've never tried to verify that.
> Radia Perlman and Charlie Kaufman invented PDM specifically as a
> patent-free method.  However, the claim was made that it infringed the
> SPEKE patent.  Since it wasn't patented, there was no one willing to
> spend the money on legal fees to fight that claim, per a story I  
> heard.
> Have a look at 
> for some history.
>         --Steven M. Bellovin,
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to  
> majordomo at

More information about the cypherpunks-legacy mailing list