CNRS, acting on its behalf and on behalf of other French research organizations funded by the French Government, is managing certain patents which may be relevant to one or more proposals submitted to the National Institute of Standards and Technology (NIST) in the Post-Quantum Cryptography Standardization process (the “Patents”).
CNRS is committed to enabling a broad development of efficient solutions based on this upcoming standard. CNRS is also determined to provide fair and reasonable compensation to the research organizations that contributed to the Patents. Such compensation is dedicated to be reallocated to public research laboratories in order to continue their fundamental research programs.
Should a standard be adopted by NIST as a result of the Post-Quantum Cryptography Standardization process (the “Standard”), and should any claims of the aforementioned Patents be declared to be essential and necessary for the implementation of the Standard, then any party would have the right to use such Patent claims to implement and fully comply with the Standard, according to the following terms:
- CNRS will grant royalty-bearing licenses under the Patents to any party making a commercial use of the Standard to make, sell, use, import, or offer for sale the products and services listed in the table below (the “Licensed Products”). Such license agreements will be granted under transparent, royalty-bearing fair, reasonable, non-discriminatory terms (“FRAND terms”).
The royalty rates are :
|Dedicated Hardware Products
||Dedicated physical computing end user devices that safeguard (i.e. securely store) and manage cryptographic keys and provide cryptographic processing (“Hardware Products”)
Hardware Products are ready for use products (even if a battery or the like needs to be added for use) and can be directly used by an end user (an end user can be an entity or a person).
Non-exhaustive examples: hardware security modules (HSM), cryptographic security modules
|• 1% of the revenues from sales or lease of Hardware Products implementing the Standard
|Key Management Services
||Services for managing cryptographic keys, including key generation, key exchange, storage and replacement of keys (“KMS”)
Non-exhaustive examples: Cloud-based key management services, key management as a service
|• 1% of the revenues from KMS involving the Standard. This includes for example using the Standard to securely communicate data and keys with the client of the KMS
- For the sake of clarity, CNRS will not assert any of the Patents against any party making a commercial use of the Standard to make, sell, use, import, or offer for sale products and services which are not Licensed Products. It is also understood that this document is not intended to present the full terms and conditions of the license agreements, but to set force only its financial conditions.
- CNRS will not assert any of the Patents against any party for making a non-commercial use of the Standard. Non-commercial use shall include academic research, learning and non-revenue generating services and products.
In the case of Licensed Products, discussions between CNRS and the licensees might lead to adjustments in the royalty payment modalities such as, but not limited to, lump sum payments based on the licensee’s revenue forecast from the sales or lease of Licensed Products.