Cryptographic patents: at war and in peace

Brian Spear *

The UK Patent O�ce, Cardi� Road, Newport, South Wales NP10 8QQ, UK

Abstract

In this article the dichotomy between the concepts of cryptography (``secret writing'') and patents (``lies open'') is explored. From

an early example of encryption, in Sparta in 405 BC, through examples from the Tudor and Stuart monarchs in England, this art is

only occasionally recorded in patent documents, consistent with its almost exclusively military use until very recently.

Like many other things, the very rapid expansion of the Internet into practical business activities has caused a major change in

the patenting pro®le for encryption. Thus the need for a good level of security for transactions on the Internet has seen the number

of patent applications double in the ®rst half of the 1990s, and then double again in just another 3 years. Crown Copyright Ó 2000

Published by Elsevier Science Ltd. All rights reserved.

1. Introduction: de®nition and historical perspective

1.1. Cryptography

Cryptography is derived from the Greek ``kryptos''secret and ``graphos'' writing. It is the technique ofsending messages in such a way that the true meaning ishidden from everyone but the sender and the recipient.An interesting subject for students of mathematics ormilitary history no doubt but seemingly almost by def-inition not expected to be of interest to the patentcommunity, which is concerned with open letters (``lit-terae patentes'').

1.2. Ancient history

One of the ®rst recorded uses was by Lysander ofSparta in 405 BC who was in a crucial stage of his re-lations with the Persian empire. A slave arrived with awritten message but, discarding this, Lysander removedthe man's belt and wrapped it spirally round a cylin-drical baton which transposed the jumble of letters onthe belt into a vital warning message. This saved hisempire. The Romans took these ideas up and JuliusCaesar used a simple letter substitution for his messages,i.e., a cipher. Other people used codes, i.e., replacedwhole words with equivalent words/numbers like a dic-tionary. In either case this seems to have su�ced since

the art of solving ciphers/codes (i.e., cryptoanalysis) hadnot evolved.

1.3. Renaissance Italy and Tudor England

Renaissance Italy was a jumble of competing stateswith rulers like the Borgias and the Medici whose ideasof political morality are well described in the writings ofMachiavelli. Such a background produced a surge ofinterest in secure communications and the ®rst book onthe subject was published in 1518 by Trithemius whowas (oddly enough) a Benedictine monk. He showed indetail how to produce undecipherable messages whichsome considered akin to black magic. In fact all avail-able copies of the book were publicly burnt and he waslucky to avoid being burnt with them! Nevertheless theknowledge spread rapidly and reached England wherethe Protestant Queen Elizabeth was ®ghting to keep herCatholic rivals from the throne. In an inspired move sheappointed Francis Walsingham as her head of intelli-gence. He had been in Italy as a young man and his ®rstact was to set up a spy school including training cryp-toanalysts who managed to crack the Papal ciphers withwhich the Catholic Mary Queen of Scots wrote to theKing of Spain and potential assassins of Elizabeth. Theevidence uncovered was so damning that Mary wasbeheaded in 1587. This set a precedent for the beheadingof Charles the First of England in 1649 (the evidencethat condemned him came from his deciphered corre-spondence) and the Duke of Monmouth in 1685 (deci-phered letters again). Charles the Second of England,

World Patent Information 22 (2000) 177±183

www.elsevier.com/locate/worpatin

* Senior Patent Examiner.

E-mail address: brian.spear@patent.gov.uk (B. Spear).

0172-2190/00/$ - see front matter Crown Copyright Ó 2000 Published by Elsevier Science Ltd. All rights reserved.

PII: S 0 1 7 2 - 2 1 9 0 ( 0 0 ) 0 0 0 4 2 - 9

whatever his other failings, used good ciphers and kepthis head!

2. Early patents

Nearly all cryptographic techniques before the 19thcentury involved paper and pencil methods and, sincetheir use was mainly military/diplomatic, such mechan-ical aids as may have existed were not likely to have beenpatented and published. This changed with the devel-opment of the railways from the 1830s which in turngave a tremendous boost to telegraphy which was badlyneeded to synchronise rail tra�c movements and whoselines were easily laid along the rail tracks. Given thelarge volume of telegraphic tra�c that developed codingwas soon devised to cut down on the amount of key-boarding and, given that some of the messages werecommercially sensitive, it was only a matter of timebefore someone patented a cryptographic machine tocater for their needs. The earliest British patent discov-ered is GB2401 of 1859 (Jules Mouilleron of Paris)which uses several pairs of alphabets, on the outside ofcrank driven rollers, and keywords. This is stated to befor diplomatic purposes but it is also disclosed that a

pocket version is provided for businessmen (see Figs. 1and 2).

3. War ± the mother of innovation

3.1. The industrial revolution

The industrial revolution also brought a vast increasein population and mass armies whose communicationshave proved a nightmare for military security in the 19thand 20th centuries. It is easy to transmit small amountsof data securely if a lot of skilled time can be spentcoding/decoding or by using devices like one-time pads.With one-time pads, both sender and recipient haveidentical small blocks of paper covered with numbers.The sender enciphers his message with the top sheet,which he destroys (or swallows!), and sends the enci-phered message to the recipient who deciphers it with hiscorresponding top sheet. Subsequent messages use thecorresponding second sheets and so on. These are muchloved by spies in ®lms, but what happens if a pad is lostor the correspondents get out of sequence?

3.2. Military needs: simplicity, security and speed

However, the military need is to be able to transmitlarge amounts of data very quickly between numerousrelatively unskilled users and often using telegraph orradio which their enemies could overhear. Simplicity,security and speed are the watchwords and before thiscentury they mainly used block/table ciphers such asVigenere, St. Cyr and Playfair which substitute lettersfor other letters/digits drawn from a prearranged arraylike a completed crossword puzzle. This was easy forsoldiers to use in the ®eld, could be changed at prear-ranged times, and unless eavesdroppers knew what ar-ray was used decipherment was very di�cult. Diplomatshad more time and space so tended to prefer relativelybulky code-books. Code-breakers soon discovered thatanalysis of the frequency of letters and letter groupingsin di�erent languages could be used to crack codes andciphers, however complex; the pioneering work wasdone in Germany by Major Kasicki.

3.3. Military use in the 20th century, during the worldwars

Cryptography has been of crucial importance in 20thcentury warfare. For example, in the First World War(WW1) British code-breakers cracked the German Na-val ciphers which helped neutralise Germany's expen-sively built surface ¯eet. In response, Germany startedunrestricted submarine warfare, and also started nego-tiating with the Mexican government. But British code-breakers had also broken the German diplomatic codes

Fig. 1. GB2401 of 1859.

Fig. 2. GB2401 of 1859.

178 B. Spear / World Patent Information 22 (2000) 177±183

and decrypted a vital telegram, the ``Zimmerman tele-gram''. This document was shown to the USA govern-ment, who then declared war on Germany.

When Germany eventually found out what hadhappened, it was decided to seek out the most advancedcryptographic techniques. The complex Enigma machineresulted, which was used for most German radio com-munications in the Second World War (WW2). Britishcode-breakers, assisted by Polish intelligence services,German operator errors, and the ®rst digital computers,eventually cracked the encryption methods used for theEnigma machines. This was not the only examplethough Germany successfully read some British navalcodes and US diplomatic codes, while the USA crackedthe Purple ciphers of Japan.

In both World Wars cryptography clearly played asigni®cant part in the eventual outcome and the ColdWar followed this trend. Since 1945 military crypto-analysis has been carried out on a massive scale by mostcountries but the methods used and results obtained areusually shrouded in secrecy. However, it is no secret thatsecurity services can read virtually all encrypted com-mercial and private data tra�c. For example, the Britishinitially kept very quiet about their Enigma success and,after WW2, sold o� captured Enigma machines aroundthe world as ``secure communication systems''!

3.4. Patents related to the ``Enigma'' machine

Surprisingly, various aspects of what became theEnigma machine were published in the following GBpatents, with their application dates:

· GB163357 (10/11/1919, H A Koch of The Hague)which shows the ®rst electromechanical disc. It wasstated to greatly increase ciphering speed and couldbe built into the telegraphic transmitter/receiver (seeFig. 3).

· GB267472 (10/3/1926, Chi�riermaschinen AG of Ber-lin) which shows the ®rst use of removable discs/drums to reduce the size of the machine (see Fig. 4).

· GB341073 (5/10/1929, R Michel and R Dreyse ofBerlin) which relates to ``telegraphic apparatus forsecret transmissions from the transmitting stationby means of a keyboard of which each sendingkey is associated with several groups of contactswhich successively pass into the zone of operationof the keys, and these secret signals are decoded atthe receiving station on a similar device to that usedat the sending station and operated in conjunctiontherewith in such manner that the carrier of the con-tact groups at the receiving station is fed a step afterdepression of a key in accord with each transmissionof a signal from the sending station thus ensuringthat below the receiving keys a new combination ismade to pass (which is arranged in relation to the

transmitting device) so that by pressing down thereceiving key indicated by the arriving secret signalthe necessary contacts for the clear signal are made''(see Fig. 5).

· GB342019 (8/11/1928, W Korn of Berlin) shows an``electrical device for coding and decoding by meansof a set of coding cylinders which are rotated rela-tively to one another during the coding and decod-ing by means of toothed pinions interposedbetween them'' and is characterised by ``the toothedpinions having a device by which they are locked af-ter e�ecting the de®nite relative rotation, therebykeeping the coding cylinders belonging to themlocked'' (see Fig. 6).

Fig. 3. GB163357 (1921).

B. Spear / World Patent Information 22 (2000) 177±183 179

· GB343146 (16/11/1928, Chi�riermaschinen AG ofBerlin) provides a further development of the codingdrums and pinion (or pawl) system, in which a con-trol member is connected to rotatable and ®xablecharacter rings (see Fig. 7).

Anyone reading these patents would have had a clearidea of how Germany might solve their cryptographicproblems in any future war. Post-war cryptographicadvances were generally not published or patented inview of their military/diplomatic uses.

4. Current patent activity

In recent years the explosion in world-wide comput-ers/communication systems has brought an upsurge indemand for securely encrypted commercial data tra�cso some military techniques have entered the publicdomain. Commercial applications especially include®elds like banking, where huge sums of money may betransferred round the world by a clerk using a PC butwhere the opportunities for fraud are immense. Secureencryption is a must here. Of greater signi®cance in thelong term is probably use of the Internet for electroniccommerce using credit cards etc. for payment. If there isscope for fraud, few users will risk using the system sosecure encryption is again essential.

4.1. Statistics for the last 11 years

The main International Patent Classi®cation forcryptography is H04L-9/00 with its subdivisions and thenumber of basic patent documents classi®ed there bypublication year is as follows and is illustrated in Fig. 8:

Fig. 5. GB341073 (1931).

Fig. 6. GB342019 (1931).

Fig. 7. GB343146 (1931).

Fig. 4. GB267472 (1927).

180 B. Spear / World Patent Information 22 (2000) 177±183

Clearly the upsurge occurred as soon as the commercialimplications of the Internet became widely known andthis shows no sign of abating.

4.2. Modern cipher systems

Simplicity, security and speed are needed for com-mercially successful systems and cracking them is afunction of the cipher complexity (highly dependent onpure mathematical theory), sophisticated software andthe amount of computer power that can be thrownagainst them so-called ``Brute Force Attacks''. As manyusers are unsophisticated, e.g., they often use very sim-ple (and easily crackable) passwords to get into theirown PCs, and the cost of computer power is halvingevery 18 months (maybe quicker if so-called quantumcomputers become operational), the main defence is tokeep making the ciphers more complex. Most modernsystems are variants of:

Data encryption standard (DES) which was adoptedby the US government in 1977. The cryptographicstrength of such a system depends on the length of thekey so a 40 bit key would have been considered rela-tively weak (i.e. breakable) whereas a 56 bit key wasstrong (i.e. theoretically unbreakable within a reason-able time). However, a recent news item [1] disclosedthat 512 bit RSA used by banks had been cracked byDutch academics so 768 or 1024 bits may really beneeded. The US government, in part to counter terror-ism, has tried to ban the export of strong encryption, i.e.more than 40 bits, as ``military munitions'', which hascaused much evasion and frequent rows. Currently theUS law seems to be moving away from such bans. Inanother recent news item, it was reported that the US

Export Council Sub-committee on Encryption had rec-ommended allowing export of 128 bit encryption [2].

Rivest, Shamir, Adleman (RSA) which allows the keyto be divided between a public encryption key and aprivate decryption key. The two keys are chosen frommathematical prime number theory so that brute forcedecryption would theoretically take forever, though the

1988: 297 1989: 260 1990: 329 1991: 3361992: 404 1993: 431 1994: 442 1995: 6001996: 691 1997: 966 1998: 1165 1999: 1227

Source: Derwent World Patent Index, Dialog version,py� xxxx/pb

Fig. 9. GB2309615 (1997).

Fig. 10. GB2319641 (1998).

Fig. 8. Cryptography patents, worldwide by publication year.

B. Spear / World Patent Information 22 (2000) 177±183 181

mathematicians are trying hard to prove otherwise. Thisis sometimes known as public key encryption and isparticularly suitable for Internet tra�c.

Pretty Good Privacy (PGP) is a very strong encryp-tion system (2048 bits) devised by Philip Zimmermanwho made it freely available on the Internet a few yearsago. It is a mixture of RSA and another strong algo-rithm IDEA and is a major challenge to the US exportrestrictions.

4.3. Selected recent patents

Many recent applications are concerned with pro-tecting ordinary people who are trading or conductingother ®nancial transactions over the Internet. Clearlyencryption is essential for consumer con®dence but, onthe other hand, the encryption/decryption must betransparent to the user while being su�ciently complexto deter the determined fraudster.

In GB2309615A (Firecrest Group Plc), a telephone-like terminal with speech facility, card reader andencryption is connected to a PC programmed to en-able speech communication. The objective is to pro-vide a system for Internet communication, which ismore closely similar to conventional telephone trans-actions, and hence requires less ``computer literacy''(see Fig. 9).

GB2319641A (IBM Corporation), describes a systemwhich keeps personal identi®cation numbers securewhen the user transfers between web pages of Internetapplications such as bank, airline and supermarket sites(see Fig. 10).

In US5809143 (Thomas S Hughes), a system forconducting secure credit card and similar transactionsthrough the Internet includes a keyboard with an en-cryption device for PIN and like personal information(see Fig. 11).

WO97/37461A1 (Hewlett-Packard Company), relatesto electronic cash spending using a complex public and

secret signature generator encryption scheme (seeFig. 12).

5. Patenting problems

In many countries, mathematical methods, methodsof doing business and computer programs are excludedfrom patent protection. Since most modern crypto-graphic patents are concerned with a mixture of allthree, problems might arise here. Even if the grantedpatents were found valid by the courts, who would thepatent owner sue, in which jurisdiction, and who wouldenforce collection of any damages awarded? Given theway the Internet operates a determined patent infringermight be very di�cult to deal with. A number of formaldecisions are starting to come through, as reported inthe ``Communications'' sections of recent issues of thisjournal, but a coherent legal pattern is still a long wayo�.

6. Conclusion

Large amounts of money are and will be made out ofelectronic trading so the incentive to produce strong but

Fig. 11. US5809143 (1998).

Fig. 12. WO97/37461.

182 B. Spear / World Patent Information 22 (2000) 177±183

easily usable cryptographic systems, or to break them, isimmense. Patents will form a vital part of this. We live ininteresting times!

Acknowledgements

This paper is based on an article prepared by theauthor for The Patent O�ce Magazine, a limited-cir-culation, internal house magazine of the UK PatentO�ce, with the agreement of its editor.

References

[1] Banks warned after encryption cracked, Computer Weekly, 9

September 1999.

[2] US strong encryption rules to be relaxed ÔselectivelyÕ, Network

News, Issue 193, 8 September 1999.

Further Reading

[1] ``Secret Warfare'' by Bruce Norman. Published by David and

Charles. 1985. ISBN 0-7153-9456-8.

[2] ``Introduction to Cryptology and PC Security'' by Brian Beckett.

Published by Mc-Graw-Hill. 1997.

[3] ``Internet Cryptography'' by Richard E. Smith. Published by

Addison Wesley Longman. 1997. ISBN 0-201-92480-3.

[4] ``The Code Book: The Science of Secrecy from Ancient Egypt to

Quantum Cryptography'' by Simon Singh. Published by Fourth

Estate Limited, London. 1999. ISBN 1-85702-879-1

Brian Spear

B. Spear / World Patent Information 22 (2000) 177±183 183