[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Q&A on the RSA/Cylink legal dispute



IANAL, but after a couple of hours of slogging through the arbitration
report, here's my layman's interpretation:

-	Either both sides or neither side breached the agreement forming PKP
	(the arbitrators went out their way to avoid assigning blame)

-	PKP is dissolved by mutual agreement.

-	Cylink maintains control of the Stanford patents (Hellman-Merkle,
	Diffie-Hellman [others (?)])

-	RSA maintains control of the MIT patents (RSA [others])

-	It isn't clear to me whether Cylink maintained the right to use
	the RSA software in creating a product.  The arbitration order
	was as clear as mud on this point.  It is clearer that they
	maintained the right to *use the patented technology* covered by
	the MIT patents in the creation of a product.  In either case,
	it appears that their right does not extend to the point where
	they can sublicense the technology -- so it looks to me like
	Cylink can't sell you an RSA toolkit, for instance.

-	RSA has no rights to license the Stanford patents.


RSA's FAQ (via [email protected]) writes:

>      A. The Panel's ruling was very specific. Everything it said about third 
>      parties, including RSA customers who use software, refers to their need 
>      for patent licenses. If you bought software from RSA and RSA itself had 
>      the rights to make that software and license it to you, you don't need 
>      a separate patent license; rights to the patents came with the product. 
>      The Ruling also states, "RSA has a right to license its software."

This answer is evasive.  RSA didn't give the complete sentence from the
arbitration panel's order.  It is:

    "Therefore, after April 6, 1990, RSA has a right to license its
    (RSA's) software to third-parties but does not have the right to
    license such third-parties under the Stanford patents."

So, their answer appears to be correct only if the RSA software doesn't
infringe the Stanford patents.  And that seems to be a matter of opinion.
Furthermore, the next sentence in the order continues:

    "To the extent RSA provides code to third-parties which causes an 
    infringement of a valid and enforceable claim of the Stanford patents,
    assuming the third party is not separately licensed under the Stanford
    patent [sic], nothing in this order shall prevent Cylink from pursuing
    its rights under the Stanford patents against such third party."


That's pretty clear to me folks, but make your own judgements.


>                                                                         If 
>      you're using RSA's software -you didn't write your own- you don't need 
>      a separate patent license under either the MIT or Stanford patents.

Again, only to the extent that you're not infringing the Stanford patents.


So, pay your nickel, take your chances.  Does RSA's software infringe
the Stanford patents?

(Of course these are my opinions, not my company's)


-- Jeff