IPR Details
Phoenix Technologies' Letter of Intent pertaining to the SPEKE patent and its relation to SRP and RFC 2945

Submitted: March 18, 2002 under the rules in RFC 2026

Note: Updates to IPR disclosures must only be made by authorized representatives of the original submitters. Updates will automatically be forwarded to the current Patent Holder's Contact and to the Submitter of the original IPR disclosure.



I. Patent Holder/Applicant ("Patent Holder")

Previous (#63)This (#2516)
Phoenix Technologies Ltd. Holder legal name Phoenix Technologies Ltd.

II. Patent Holder's Contact for Licence Application

Previous (#63)This (#2516)
Katherine Stolz Holder contact name Katherine Stolz
Katherine_Stolz@phoenix.com Holder contact email Katherine_Stolz@phoenix.com

Vice President
Security Products

Holder contact info

Vice President
Security Products

III. IETF Document or Other Contribution to Which this IPR Disclosure Relates

Previous (#63)This (#2516)
RFC: RFC2945 ("The SRP Authentication and Key Exchange System") Designations for Other Contributions SPEKE patent and SRP RFC: RFC2945 ("The SRP Authentication and Key Exchange System")
Designations for Other Contributions
SPEKE patent and SRP

IV. Disclosure of Patent Information i.e., patents or patent applications required to be disclosed by RFC 2026

A. For granted patents or published pending patent applications, please provide the following information:

Previous (#63)This (#2516)

Patent, Serial, Publication, Registration, or Application/File number(s)

U.S. Patent Number 6,226,383

B. Does this disclosure relate to an unpublished pending patent application?:

Previous (#63)This (#2516)
No Has patent pending No

V. Licensing Declaration

The Patent Holder states that its position with respect to licensing any patent claims contained in the patent(s) or patent application(s) disclosed above that would necessarily be infringed by implementation of the technology required by the relevant IETF specification ("Necessary Patent Claims"), for the purpose of implementing such specification, is as follows(select one licensing declaration option only):

Previous (#63)This (#2516)
See Text Below for Licensing Declaration Licensing See Text Below for Licensing Declaration

Dear working group members,

Regarding the inquiry by working group co-chair David Black into the nature
of U.S. patent 6,226,383 and its relation to SRP and RFC 2945, this letter
presents a status update on Phoenix's plans to provide an appropriate
response for the working group. This letter also presents a general summary
of our licensing practices and products in the field of password-based
cryptography, which I hope will assist you in the planning process.

Phoenix owns patent 6,226,383 which describes the SPEKE methods for
zero-knowledge password authentication. An investigation into exactly how
this patent relates to RFC 2945 is now underway within the company. While
providing guarantees and assurances for use of technology developed by other
organizations has not been a traditional priority for Phoenix, there is now
recognition of the need for this working group and others to have clarity in
this matter, and a position statement will be provided very soon.

Phoenix Technologies, in part through the acquisition of Integrity Sciences,
has developed the SPEKE family of zero-knowledge password methods, providing
both licenses and implementations. These protocols have been cited and
studied in numerous research papers over the past several years. In
particular, the BSPEKE protocol can provide a plug-and-play upgrade for SRP.
An Internet Draft discussing these issues is also being prepared. These
methods are comparable to the best of any similar methods, and they are
easily shown to be unencumbered by the other patents in this field.

It would seem a shame for a new standards effort to avoid zero-knowledge
password techniques as a purely cost-savings measure, given the choices
available. The need for convenient, strong, and inexpensive security
built-in to the infrastructure of Internet applications is as great today as
ever. The SPEKE techniques represent a generational improvement in personal
authentication, providing strong security with minimal effort. These
methods provide the best choices in this field, with the cleanest
implementations, optimal security, best alignment with standards, and
easiest license agreements for commercial deployment of zero-knowledge
password techniques.

A statement regarding licensing of the SPEKE patent in the context of the
IEEE 1363 standard is on file with the IEEE, and Phoenix is also committed
to providing an updated statement in this same time frame that conforms to
both IEEE and IETF policies assuring reasonable and non-discriminatory
terms. But more importantly, as a leading provider to the PC industry,
Phoenix will stand behind its technology. Phoenix has a 20-year history of
broadly licensing products to this industry, and has helped to pioneer many
widely used standards and technologies that are built-in to the systems that
we all take for granted. Our history of cooperation with many of the
leading companies in the industry makes Phoenix naturally suited to gently
encouraging the adoption of this new class of strong and convenient security


David Jablon
CTO, Phoenix Technologies
508.898.9024 direct

Phoenix Technologies Ltd.
320 Norwood Park South
Norwood, MA 02062
781.551.5000 main

Licensing information, comments, notes, or URL for further information

This is to advise the IETF that Phoenix Technologies Ltd.
("Phoenix") has U.S. Patent Number 6,226,383 that may
relate to the IETF document RFC 2945 titled "The SRP
Authentication and Key Exchange System".

To the extent that this patent assigned to Phoenix is
necessary for implementation of RFC 2945 or any related
IETF standard, Phoenix will provide, upon written request,
to implementers of the relevant standard, a non-exclusive
license under reasonable and non-discriminatory terms.

Phoenix has licensed this technology to companies, and
accepts inquiries regarding licensing or evaluating the
SPEKE technology. For these inquiries, please contact our
security products department at:

Vice President, Security Products
Phoenix Technologies

Any questions or issues regarding this communication should
be directed to the Phoenix Technologies Legal Department.

Associate General Counsel
Phoenix Technologies Ltd
411 E. Plumeria Drive
San Jose, CA 95134

Note: The individual submitting this template represents and warrants that he or she is authorized by the Patent Holder to agree to the above-selected licensing declaration.

VI. Contact Information of Submitter of this Form

Previous (#63)This (#2516)
David Jablon Submitter name David Jablon
david_jablon@phoenix.com Submitter email david_jablon@phoenix.com

Only those sections of the relevant entry form where the submitter provided information are displayed.