[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
(fwd) CYLINK Q&A on PKP Arbitration Decision
Newsgroups: sci.crypt,talk.politics.crypto,alt.security.pgp
Path: news.unt.edu!cs.utexas.edu!howland.reston.ans.net!ix.netcom.com!netcom.com!jkennedy
From: [email protected] (John Kennedy)
Subject: CYLINK Q&A on PKP Arbitration Decision
Message-ID: <[email protected]>
Keywords: Cylink, PKP, RSA, Public Key
Organization: CYLINK
Date: Wed, 27 Sep 1995 08:19:58 GMT
Lines: 277
Sender: [email protected]
Xref: news.unt.edu sci.crypt:39749 talk.politics.crypto:12787 alt.security.pgp:43387
-----------------------------------------------------------------
CYLINK Q&A on PKP ARBITRATION
The following statement from Cylink Corporation has been posted to
sci.crypt, talk.politics.crypto, and alt.security.pgp since we
believe it will be of interest to a large and diverse set of readers.
Please choose the appropriate newsgroup(s) to direct any follow-
ups.
A copy of this statement is also being placed on Cylink web page
(http://www.cylink.com). Additional related materials and updates
will also appear there.
Feel free to distribute this statement to other appropriate
newsgroups, mailing lists, and individuals.
-John C. Kennedy, Cylink Corporation
{ph: 408.735.5885 , [email protected]}
---------------------- Cylink Corporation -------------------------
September 26, 1995
IMPACT OF CYLINK VS. RSA ARBITRATION AWARD
FREQUENTLY ASKED QUESTIONS
Q. Why is the recent arbitration award between Cylink and RSA Data
Security significant for RSA's licensees and vendors of public key
cryptography in general?
A. The arbitration award is important to RSA's licensees for
two reasons:
First, the award makes it very clear that RSA does not have
the right to authorize its customers to copy RSA's software;
it doesn't matter whether the RSA customer is merely copying
object code versions of RSA's products. The right to copy RSA
software requires a patent license.
Second, until now RSA has claimed itself to be the de facto
standard in public key cryptography. This claim was possible
only so long as RSA could prevent its competitors from getting
patent licenses from Public Key Partners. Now that the
arbitrators have dissolved PKP, Cylink can enable vendors to
practice low cost public key technology without the use of
RSA. The market will finally enjoy vigorous competition based
on technology and price.
Q. In a recent statement, RSA's president still makes the claim
that the use of RSA software does not require a separate patent
license. Is that true?
A. That statement is not true for any RSA licensee who needs
the right to copy RSA software. The heart of RSA's business
is licensing so-called tool kits; the vendor takes one copy,
incorporates it into the vendor's own product and then makes
all of its own copies. The only RSA customers who don't need
a patent license are those who don't copy RSA software.
Q. That could be pretty serious for RSA and its customers. Can you
back up this statement?
A. Absolutely. Read the arbitrators' award at p. 14. If you
haven't received a copy from RSA you can find it on Cylink's
home page (http://www.cylink.com).
Don't take our word for it. When RSA's own attorneys pleaded
with the arbitrators to change their decision, they admitted
that "... every single RSA licensee will now be required to
obtain a Stanford Patent License from Cylink or run the risk
of being sued" (ask RSA for a copy its attorneys' letter dated
September 7). In a second decision dated September 12, the
arbitrators flatly rejected RSA's pleas and confirmed their
restrictions on the rights of RSA's customers. (a copy is also
available from Cylink's home page).
Q. RSA's president promises to indemnify all of its customers. Why
should they be concerned?
A. If you compare RSA's size against the size and number of
its customers copying RSA's software, one should ask whether
RSA's pockets are deep enough to reimburse its customers for
the damage RSA has caused.
Q. Did RSA know it did not have all of the rights it promised its
customers in RSA's software licenses?
A. Shortly after RSA gave up its patent rights to PKP, Cylink
began warning RSA that its did not have all of the rights it
was promising some of its customers. Unfortunately, Cylink had
to finally bring the arbitration to straighten this out.
Q. Why do RSA's customers need a license to the Stanford patents
simply to copy RSA's software?
A. Two reasons. The Stanford Hellman-Merkle patent is the
very first patent to describe Dr. Hellman's brilliant
invention of public key cryptography. All subsequent
refinements on this pioneer patent which implement Dr.
Hellman's concept, such as the RSA algorithm, require a
license to Dr. Hellman's patent.
Secondly, the Diffie-Hellman key exchange technique is a
standard feature in many of RSA's tool kits, which is also
covered by Stanford's Diffie-Hellman patent. Finally, if RSA
were correct in its statements that you don't need a Stanford
license to use RSA's software, why would they embark on yet
another expensive lawsuit to attack the patents?
Q. Isn't the Hellman-Merkle patent limited to practicing something
called the knapsack?
A. No. As the pioneer patent in public key, the inventors
were required to disclose only one implementation to support
their ground breaking invention. Even if no one is using the
knapsack itself, this particular patent continues to cover all
practice of public key. Only improvements, such as the RSA
algorithm described in MIT's patent, are limited to the
specific enablement described in the patent.
Again, don't just take our word for it. RSA itself admits
that RSA software is covered by these patents. Just look at
their license for RSAREF, Paragraph 6 (before they have time
to change it).
Q. But RSA has now brought suit to invalidate the Stanford Patents.
Doesn't this protect RSA's customers?
A. RSA's attempt to invalidate the very patents it had been
licensing as a partner in PKP does nothing for RSA's
customers. First of all, the fact that someone else is
challenging the validity of a patent doesn't make an infringer
immune from suit. RSA's challenge to the Stanford patent
would not prevent Cylink from suing and obtaining damages and
an injunction against any infringer. (Indemnity for damages,
by the way, is cold comfort if an RSA customer is enjoined
from selling any public key software.)
Second, anyone who waits around for RSA's case to be resolved
is taking a big gamble. Patents are presumed valid and RSA
will have to prove invalidity under the "clear and convincing"
burden of proof (which is higher than the traditional
"preponderance of the evidence" standard and just below the
criminal "reasonable doubt" standard). If RSA looses the
suit, all of its customers will be left hanging. An RSA
indemnity won't be worth much if RSA goes into bankruptcy.
Q. RSA claims that Cylink "confirmed" to RSA licensees "in writing"
"that no separate patent licenses were necessary if they licensed
RSA software." Is this true?
A. No. During the arbitration, however, one prospective RSA
licensee approached Cylink and said that RSA kept assuring
them that they didn't need a patent license to make their own
copies of RSA public key software, but they had gotten
suspicious when their own lawyers looked at the question
closely. Cylink told the prospect that a patent license was
needed for some of their projects, but in this instance Cylink
would not interfere with the pending RSA deal.
RSA customers who take the initiative and contact Cylink (as
in this special case) can expect cooperation in resolving the
patent problem.
Q. Why was PKP formed?
A. Cylink formed PKP with RSA to pool both parties' rights to
the Stanford and MIT patents, promote public key technology,
and generate licensing revenue for the partners, the
universities which owned the patents, and the inventors.
Q. Why was PKP dissolved?
A. Obviously great animosity has grown between the parties.
The main reason is that RSA frustrated Cylink's efforts to
settle the U.S. Government's efforts to license the Digital
Signature Standard. Now that Cylink has the Stanford patents
back, the DSS as well as other public key techniques can begin
competing with RSA in the market.
Q. How will these public key implementations compete with RSA?
Isn't RSA a "de facto" standard?
A. If anything, RSA software (which includes Stanford
algorithms such as Diffie-Hellman) has been prevalent by
"default" - not by choice. Now the market will have a choice
between multiple vendors competing on price as well as
technical implementation. Only after RSA's software faces the
test of competition can it fairly claim to be a standard.
Q. In his recent statement, RSA's president makes numerous
accusations about Cylink's use of the RSA algorithm. What are the
facts?
A. The arbitrators award is very clear that Cylink in fact has
certain rights to license the MIT patent. Specifically,
Cylink has an option to license the MIT patent provided it
uses some software provided by RSA. This places Cylink in a
better position than RSA's other customers who have no rights
to the Stanford patents.
It is important to remember that Cylink built its business for
the last ten years on the use of Stanford public key
technology - which proves our point that you don't need RSA or
its software to practice public key.
Q. Doesn't Cylink use the RSA algorithm in one of its products.
A. Yes, and only one. What RSA fails to mention is that
Cylink's largest customer, SWIFT, already holds its own PKP
license which the arbitrators forced RSA to grant. This
license allows Cylink to make the product for SWIFT.
Q. RSA claims that Cylink was offered a license to the RSA Patent,
and that Cylink turned it down. Is that true?
A. Like a lot of what RSA says, it's a half-truth. In June,
1994, RSA did offer a patent license, and Cylink did turn it
down. Why? Because a condition of the license was that
Cylink release RSA for all liability for its licensing
practices. In other words, the price for the license was more
than just the royalty. Cylink was being asked to forgive RSA
for the wrongs it committed over the years, and this Cylink
would not do.
Q. Why did Cylink decide to use RSA is this one product?
A. During PKP's existence, RSA frequently sought Cylink's
support for its technology by asking Cylink to use RSA. While
RSA now tells a different story, RSA's own newsletter (see,
for example RSA's "Ciphertext" Fall 1993 issue) and corporate
profile frequently promoted Cylink's use of RSA long before
the parties fell into their dispute over licensing DSS.
Having cooperated with RSA, and agreed to use their technology
in one product, RSA tried to blackmail Cylink to stop PKP's
settlement with the Government.
In any event, the restrictions imposed by the arbitrators on
RSA's licensing business are far more severe than the minor
inconvenience Cylink may experience in retro-fitting its
product with Stanford technology.
Q. What will Cylink do with the Stanford patents now?
A. Before the arbitrators' decision many of RSA's customers
had no reason to doubt RSA's word. Those RSA customers who
now come forward will be offered very favorable agreements.
Cylink is more interested in establishing commercial
relationships with RSA's licensees and promoting public key
technology than in disrupting existing business.
Q. Will Cylink attempt to stop the non-commercial use of public key
(such as in PGP)?
A. No. Although, technically, a Stanford patent license is
needed for the public domain software such as PGP, Cylink
intends to promote the use of public key on the Internet.
Cylink intends to announce a royalty-free license for personal
use after meeting with a spokesperson for the PGP community.
Watch Cylink's home page for details. (http://www.cylink.com)
Q. What advice can you give?
A. Get the facts first. Read the arbitrators decision,
including their September 12 ruling which denied RSA's request
for modification. Then call us.
(Call Bob Fougner at 408-735-5893, fax 408-735-6642, e-mail:
[email protected]).
---------------------- Cylink Corporation -------------------------
John Kennedy
Cylink Corporation
408-735-5885
[email protected]
--
"Freedom is meaningless unless | [email protected] - James Childers
you can give to those with whom| No man's freedom is safe
you disagree." - Jefferson | while Congress is in session
EA 73 53 12 4E 08 27 6C 21 64 28 51 92 0E 7C F7