Comment Re:The real problem (Score 1) 347
They're patenting a method of exchanging the keys to use for that cipher, and claiming using SSL/TLS to exchange the keys to use for RC4 violates their patent.
Not precisely. Here is Claim 1 of the patent:
providing a seed value to both said transmitter and receiver,
generating a first sequence of pseudo-random key values based on said seed value at said transmitter, each new key value in said sequence being produced at a time dependent upon a predetermined characteristic of the data being transmitted over said link,
encrypting the data sent over said link at said transmitter in accordance with said first sequence,
generating a second sequence of pseudo-random key values based on said seed value at said receiver, each new key value in said sequence being produced at a time dependent upon said predetermined characteristic of said data transmitted over said link such that said first and second sequences are identical to one another a new one of said key values in said first and said second sequences being produced each time a predetermined number of said blocks are transmitted over said link, and
decrypting the data sent over said link at said receiver in accordance with said second sequence.
So note that the keys are already provided (exchanged) in the first limitation. Then there's the issue of deriving the receiver and transmitter keys. This could refer to the pseudo-random function (PRF) used to generate session keys in TLS, but my understanding is that they're only asserting this against RC4 configurations.
That last clue is what makes me think that the "first sequence of pseudo-random key values" is RC4 output, and "encrypting" is XORing the plaintext with those values.