Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!think!barmar From: barmar@think.com (Barry Margolin) Newsgroups: comp.arch Subject: Re: Patents and Architecture Message-ID: <40965@think.Think.COM> Date: 24 Jul 90 02:39:17 GMT References: <40193@think.Think.COM> Sender: news@Think.COM Organization: Thinking Machines Corporation, Cambridge MA, USA Lines: 101 Regarding the patent on the setuid bit: In article pcg@cs.aber.ac.uk (Piercarlo Grandi) writes: >Ahh. But here, please, tell us what is the invention: >* The idea of having multiple domains and protected procedures? They >were already old in the early sixties. No, you can't patent ideas. You can patent processes and mechanisms, i.e. ways to implement ideas. In the physical world, you can't patent the idea of child-proof medicine bottles, but you can patent the design for a particular way of child-proofing a bottle. >* The domain crossing? Surely rings and capability systems have it. Again, that's just a general idea. >* The fact that it is a software and not an hardware mechanism? But the >Multics rings were initially implemented in software and then what about >the PDP-1 inter domain call? Software rings were a kludge, and were not very secure. >* None of the above? What then? None of the above. What was patented was presumably the particular use of an owner-settable flag (the setuid bit) in combination with the automatically-set owner field of the file to permit users to implement gates into their personal domains. Compare this with Multics rings. With rings, there are no personal domains, only a fixed number of concentric, system-defined domains. Because the domains that rings define are so large, only privileged users may create publicly-accessible gates. Ordinary users may not set the gate flag on a file accessible to anyone outside their project. Inner-ring procedures automatically have access to the calling ring's data, while setuid processes have no special access to the calling process except the arguments passed in the exec() call. >I have selected the setuid bit because it is such an obvious >illustration of the problems with patenting software. >What do you want to patent with software? The implementation, the >specification, the interface, the general idea, the algorithm embodied, >what? As with hardware patent, you patent the design of a mechanism that implements a specific process. You can't patent the RSA algorithm nor the idea of public-key encryption, but you can patent a way to use RSA to implement public-key encryption. Meanwhile, someone else might patent the use of Diffie-Hellman for public-key encryption, and someone else could patent the use of RSA for digital signatures. >The setuid bit is a clever application of the idea of priviledged gates >at the between processes level instead of the within processes one, for >a non capability machine. Is it an invention? Where is the novelty? It's not an *application* of the idea, it's the design of a specific *implementation* of the idea. The novelty was in that particular implementation. >Which *is* the invention? Was there a previous implementation, or published design, of a mechanism for programmers to write programs that automatically granted the user the programmer's system access? >Do we give patents on all mechanisms that allow calling protected >trusted code between processes? Only if implemented under Unix? Only on >the specific inode structure and few lines in the implementation of >exec(2) that implement setuid executables and their activation? I have no idea to what level of detail the setuid patent goes. It's possible that it is specific enough that a non-Unix system would be unlikely to need to copy it. But if I were writing the patent I'd try to be as general as possible. For example, if I were writing the "XOR'ed cursor" patent, I wouldn't mention specific machine instruction names, since I'd want my patent to cover systems that give a different name to their instructions that implement the XOR operation. Instead, I'd describe XOR mathematically, describe frame buffers, and then specify the application of this mathematical operation to the numerical data in a frame buffer in order to implement a moving graphic. >A remark: note that patents do not encourage *inventions*; an inventor >can always resort to the more complicated trade secret route if he/she >wants to keep the invention proprietary (e.g. AT&T with the >better-than-simplex method). Patents encourage *publication*, in >exchange for the otherwise unavailable protection against independent or >subsequent reinvention. Well, most of Unix is protected by trade secret. I can't imagine how setuid could be kept secret, though, as the design is apparent to the user. For a chip, you might protect the circuitry by trade secret, but you would patent a novel pin design because the pins cannot be hidden. -- Barry Margolin, Thinking Machines Corp. barmar@think.com {uunet,harvard}!think!barmar