Last week’s good vs. bad news

The good news last week? Well, I went to Chelyabinsk – that’s the first piece of good news. Okay. I need to keep score here. The referee blows the whistle. Game on. 1:0…

Our lineup of patent lawyers now takes to the field. They bring good news, too. We’ve won yet another patent infringement lawsuit in the States! I won’t waste time explaining; I’ll just quote our report from the frontline: “One more major lawsuit is added to our list of victories! Case closed – not a cent to pay out!”

What was the claim all about?

In a nutshell, Greater Boston Authentication Solutions (GBAS) didn’t like the operating principle of our Activation 2.0 technology, which allows a trial version to be upgraded to a full version by validating a ticket that contains various information. GBAS deemed that Activation 2.0 infringed on their patents: US5982892, US6567793 and US7346583.

// I’ve intentionally added the links to their patents in case anyone is curious.

These patents, born back in 1997, describe a software activation technology that uses a digital signature. It’s all relatively straightforward: the developer creates a digital signature from received data and transfers it to the product. The product, using a built-in public key, validates the signature to see if it matches the user’s details and decides whether access should be given.
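The general scheme described above can be sketched in a few lines. This is an added example, not code from Kaspersky’s Activation 2.0 or from the GBAS patents; the JSON ticket layout, its field names, the choice of Ed25519 and the fixed demo seed are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Ticket is a constructed activation ticket; the field names are assumptions.
type Ticket struct {
	User    string `json:"user"`
	Expires string `json:"expires"` // YYYY-MM-DD, so string comparison orders dates
}

// DemoKeys derives a constructed key pair from an all-zero seed (demo only).
func DemoKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// SignTicket is the developer side: serialize the ticket and sign the bytes.
func SignTicket(priv ed25519.PrivateKey, t Ticket) (payload, sig []byte) {
	payload, _ = json.Marshal(t) // marshalling this plain struct cannot fail
	return payload, ed25519.Sign(priv, payload)
}

// VerifyTicket is the product side (public key only): signature first, then fields.
func VerifyTicket(pub ed25519.PublicKey, payload, sig []byte, user, today string) error {
	if !ed25519.Verify(pub, payload, sig) {
		return errors.New("bad signature")
	}
	var t Ticket
	if err := json.Unmarshal(payload, &t); err != nil {
		return errors.New("malformed ticket")
	}
	if t.User != user {
		return errors.New("ticket issued to another user")
	}
	if today > t.Expires {
		return errors.New("ticket expired")
	}
	return nil
}

func main() {
	pub, priv := DemoKeys()
	payload, sig := SignTicket(priv, Ticket{User: "alice@example.com", Expires: "2030-01-01"})
	fmt.Println(VerifyTicket(pub, payload, sig, "alice@example.com", "2025-06-01"))
}
```

Because the product holds only the public key, a ticket whose bytes were altered after signing fails the first check before any of its fields are read.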

This is what it looks like at Kaspersky:

First we were asked to pay $1 million “here and now”, so they can “forgive and forget”. We refused and followed the customary practice of going through the various stages of litigation. Then, GBAS came up with a sum of no less than $179 million in fines for abusing their technology. By the way, their optimistic estimate would net no more than $37 million in court (such is the economic stage of litigation). Before mediation they offered an unexpected “last warning” of a modest $500,000.

On top of that, GBAS were completely confident about their success, as the patent came with the broadest description possible, and the list of those who had been sued for infringing on it was already impressively long. All prior cases were resolved in secret so we faced the possibility that GBAS sued about 11 companies including Microsoft, Juniper and Siemens.

Besides that, marshaling their forces was none other than Paul Hayes, a highly experienced lawyer with multiple Super Lawyer awards who recently made it into the Best Lawyers in America 2020 list. Paul has vast patent litigation experience: he has been able to help win insane figures in the hundreds of millions since the early 2000s.

Hayes’ track record includes Vlingo’s successful defense against Nuance Communications and a high-profile victory over Microsoft followed by a fine of $388 million. But this highly experienced and respected patent lawyer with a host of industry awards was left empty-handed after coming up against us.

Mediation followed the judicial process. We knew going in that GBAS had studied our Activation 2.0 and created a presentation with a total of 132 slides! One hundred and thirty-two slides! No, that’s not a typo. They had gone to the trouble of reverse-engineering the entire product!

According to our patent lawyers, this was no simple case. “The processes of generating tickets and justifying fields are very hard to understand. We had to come up with analogies and explain them in lay terms for the jury.” Both the judge and the jury would have had to work very hard to understand the essence of the technologies being discussed.

After about three hours in court, GBAS and Kaspersky Lab came out with a public settlement with the following conditions:

– GBAS dropped their claims with prejudice, meaning the lawsuit was thrown out and the company was forbidden from ever filing it again in the future;
– GBAS gave a covenant not to sue Kaspersky for patent infringement;
– in return, we promised not to use any of our arguments, analysis or any other materials in helping other potential defendants, and not to invalidate GBAS patents.

Our settlement is public—this distinguishes us from all other companies because their cases were resolved in secret.

So, the good-vs-bad-news score for the week is now 2:0. What else? Oh! Yes! Piece of good news number three! We have been awarded an ISO/IEC 27001:2013 certificate!

From my Instagram post (@e_kaspersky):

WHAT IS THIS THING I'M HOLDING? I read your question: what the … is the thing I'm holding here? Boys and girls, this is a very important document. As Professor Preobrazhensky put it in Bulgakov's classic, it is "the final and factual piece of paper": an ISO/IEC 27001:2013 certificate from the independent certification company TÜV AUSTRIA that bolsters @kasperskylab's status as the most transparent company in the infosecurity industry. Compliance with ISO/IEC 27001:2013 is proof that a particular production site, process or technology is all up to scratch in terms of security. No seams, patches or rough edges. No unsafe gaps. Things are under control around the clock. No unauthorized access or uncontrolled leakages. Everything is done to the highest standards, smartly and in full harmony.

What it is and why we need it. I am quoting our official news release:

ISO/IEC 27001 is the most widely used information security standard prepared and published by the International Organization for Standardization (ISO). It includes requirements on how to implement, monitor, maintain, and continually improve an information security management system…

Boring and incomprehensible, eh? I will try to paraphrase this using simpler words.

Compliance with ISO/IEC 27001:2013 is proof that a particular production site, process or technology is all up to scratch in terms of security. No seams, patches or rough edges. No unsafe gaps. Things are under control around the clock. No unauthorized access or uncontrolled leakages. Everything is done to the highest standards, smartly and in full kosher feng shui harmony.

Auditing every last process and technology is positively and understandably unfeasible. Therefore, we selected just two critical infrastructure components:

I. KSN, or K-Security Network, or the Cloud. This is the thing that our products connect to, if it’s explicitly permitted by the user, and the one that automatically handles malicious and suspicious files.

II. DFS, or Distributed File System, where all those files are stored on “designated shelves”.

Since our systems’ data is spread across several sites, the audit covered the most important ones in Zurich, Frankfurt am Main, Toronto and Moscow.

Why did we need this? It is all very simple! We needed it to anticipate the predictable questions on what we know and what we collect, how we handle that data, where and how we store it afterwards, and who has access to it. Many infosec companies have clouds, but only we have the proper certificate now. In other words, we now have a certified response: get connected to the KSN cloud, it will only get better. So, we now have an authoritative security certificate, and what a certificate it is!

Oh! I completely forgot! The audit was conducted by the independent company TÜV AUSTRIA. That means even fewer questions.

Finally, my thanks go out to all Kaspersky employees who participated in this highly complex and extremely important project. Thanks a million everybody!!

3:0!

And now, the fourth news item: it’s time to pack my suitcase for the Mobile World Congress (MWC), which I have participated in more than once and which is slowly becoming one of the key global IT events. You can read my impressions of previous events in my blog: 2017 and 2016. Hmm… Did I miss seasons 2018 and 2019? How did that happen? Just as well we’re going in 2020! All the more so, because I’ve been asked to speak on the main stage in front of a large audience. I’ve already prepared a rather provocative speech…

Then the news reports came in that this year’s MWC had been canceled due to the outbreak of the latest and baddest virus… They’ve put an announcement up on their website, too:

Oh damn! No need to pack my suitcase now. What a waste of an excellent presentation! It’s a shame, but there’s nothing I can do. The good news vs bad news score for the week is now 3:1.
