The patent for the first public-key-based encryption technique - the Diffie-Hellman key management system - has expired, and its acceptance as an international standard is expected soon. Diffie-Hellman is the basis for a variety of current security products, from firewalls to email programs, and is a fundamental part of the security and privacy infrastructure on the Internet today.
Cylink, the owner of the patent since 1985, has licensed it to Intel, Cisco, Microsoft, AT&T, Motorola, and IBM, among others, and it has been used to generate nearly 90 percent of Pretty Good Privacy's user keys.
Invented in 1976 by a Stanford professor, Dr. Martin Hellman, and his grad students, Ralph Merkle and Whitfield Diffie, the technique relies on flexible, but complex mathematical algorithms. And though it is more than 20 years old, Diffie-Hellman cryptography is still being used in a wide range of products, including JavaSoft's development tool kits and Certicom's cutting-edge "elliptic curve" encryption engine.
"Now people can get at a standard without paying anyone a licensing fee for a technology that has never been cracked or had a flaw pointed out in it," said Andrew Morbitzer, director of OEM business development at Cylink. "It gets rid of anyone having a choke-hold on the market for electronic commerce or confidentiality applications."
RSA Data Security, a Cylink competitor and public-key crypto heavyweight, holds an exclusive license on the Rivest-Shamir-Adleman public-key crypto system, patented by MIT in 1983. That patent will expire in 2000.
