Are you Using HTTPS on your Website to securely encrypt traffic?





Well, we'll see you in the court.





At least, that's what CryptoPeak is saying to all big brands that utilize HTTPS on their web servers.





BIG Brands Sued for Using HTTPS: 'Patent Troll'





Texas-based company CryptoPeak Solutions LLC has filed 66 lawsuits against many big businesses in the US, claiming they have illegally used its patented encryption method – Elliptic Curve Cryptography (ECC) – on their HTTPS websites.

Elliptic Curve Cryptography (ECC) is a key exchange algorithm that is most widely used on websites secured with Transport Layer Security (TLS) to determine what symmetric keys are used during a session.





Encryption is on the rise after Edward Snowden made the world aware of government's global surveillance programs. Today, many big tech and online services are using encryption to:

Protect the data transmitted to/from visitor to domain

Lessen the risk of hacking

Auto-Escrowable and Auto-Certifiable Cryptosystems," which the firm argues covers elliptic curve cryptography (ECC). However, websites using the ECC key are now at risk of being forced to court for using the protocol. As CryptoPeak snapped up the Patent ( US Patent 6,202,150 ) that describes "," which the firm argues covers elliptic curve cryptography (ECC).





Either Pay or Don't Use HTTPS





The abstract of the US Patent 6,202,150 describes the invention, which was granted in 2001:

Companies Targeted by CryptoPeak





Some of the biggest names CryptoPeak Solutions sued include:

Yahoo

Netflix

Pinterest

AT&T

Sony

Groupon

GoPro

Etsy

Petco

Target

Costco

Home Depot

Expedia

Barnes & Noble

Multiple financial institutions and hotel chains

You can see the full list of lawsuits, which is available online here

"Defendant has committed direct infringement by its actions that comprise using one or more sites that utilize Elliptic Curve Cryptography Cipher Suites for the Transport Layer Security (TLS) protocol (the Accused Instrumentalities)," according to the lawsuits.

CryptoPeak can easily be categorized as a "Patent Troll," as it is still unclear if the cases will be successful or not. Since the patent describes some of the key tenets of ECC, which includes generating and publishing of public keys, not obvious corresponds directly to its implementation in HTTPS connections.





Scottrade are doing out of court settlements, "all matters in controversy between CryptoPeak and Scottrade have been settled, in principle." Some companies targeted by the firm are fighting the lawsuit that seeks damages and royalties, and other likeare doing out of court settlements, saying





Netflix, one of over 60 companies being dragged to court, called CryptoKey's lawsuit "invalid" from the outset and filed a case to be dismissed under FED. R. CIV. P. 12(B)(6).





"The defect in these claims is so glaring that CryptoPeak's only choice is to request that the court overlooks the express words of the claims, construe the claims to read out certain language, or even correct the claims," Netflix said ( PDF ) in a court filing.





Now, let's see what happens next.