If you are a patent holder, and you believe that use of nistp224 may infringe your patent, please let me know.
The rest of this page explains why I'm not worried about several specific patents.
From context it's apparent that the quoted phrase refers to primes of small signed binary weight, such as primes near 2^k, for which division is particularly easy. The patent arguably covers the NIST curves. NIST P-224, for example, uses the prime 2^224-2^96+1.
Fortunately, the Crandall patents are clearly invalid, because the ``invention'' appeared in a printed publication more than a year before the patent application. So there's nothing to worry about.
To the extent that this patent applies to nistp224, it is clearly invalid, because nistp224 uses exactly the compression mechanism suggested in Victor Miller's CRYPTO '85 article introducing elliptic-curve cryptography. So there's nothing to worry about.
nistp224 does compute public keys as multiples of a fixed base, but it doesn't bother with precomputation. (You do fixed-base multiplication only once, to compute your public key; you do variable-base multiplication many times, to compute a shared secret for every communications partner.) So there's nothing to worry about.
In case anyone cares about this patent for other reasons: I've located prior art.
Similar comments apply to patent 5999627.