IP: Q&A on the RSA/Cylink legal dispute

[David Farber <farber () central cis upenn edu>]

From: Jeff Barber <jeffb () sware com>
Subject: Re: Q&A on the RSA/Cylink legal dispute


IANAL, but after a couple of hours of slogging through the arbitration
report, here's my layman's interpretation:


-       Either both sides or neither side breached the agreement forming PKP
        (the arbitrators went out their way to avoid assigning blame)


-       PKP is dissolved by mutual agreement.


-       Cylink maintains control of the Stanford patents (Hellman-Merkle,
        Diffie-Hellman [others (?)])


-       RSA maintains control of the MIT patents (RSA [others])


-       It isn't clear to me whether Cylink maintained the right to use
        the RSA software in creating a product.  The arbitration order
        was as clear as mud on this point.  It is clearer that they
        maintained the right to *use the patented technology* covered by
        the MIT patents in the creation of a product.  In either case,
        it appears that their right does not extend to the point where
        they can sublicense the technology -- so it looks to me like
        Cylink can't sell you an RSA toolkit, for instance.


-       RSA has no rights to license the Stanford patents.




RSA's FAQ (via baldwin () rsa com) writes:


>      A. The Panel's ruling was very specific. Everything it said about third
>      parties, including RSA customers who use software, refers to their need
>      for patent licenses. If you bought software from RSA and RSA itself had
>      the rights to make that software and license it to you, you don't need
>      a separate patent license; rights to the patents came with the product.
>      The Ruling also states, "RSA has a right to license its software."


This answer is evasive.  RSA didn't give the complete sentence from the
arbitration panel's order.  It is:


    "Therefore, after April 6, 1990, RSA has a right to license its
    (RSA's) software to third-parties but does not have the right to
    license such third-parties under the Stanford patents."


So, their answer appears to be correct only if the RSA software doesn't
infringe the Stanford patents.  And that seems to be a matter of opinion.
Furthermore, the next sentence in the order continues:


    "To the extent RSA provides code to third-parties which causes an
    infringement of a valid and enforceable claim of the Stanford patents,
    assuming the third party is not separately licensed under the Stanford
    patent [sic], nothing in this order shall prevent Cylink from pursuing
    its rights under the Stanford patents against such third party."




That's pretty clear to me folks, but make your own judgements.




>                                                                         If
>      you're using RSA's software -you didn't write your own- you don't need
>      a separate patent license under either the MIT or Stanford patents.


Again, only to the extent that you're not infringing the Stanford patents.




So, pay your nickel, take your chances.  Does RSA's software infringe
the Stanford patents?


(Of course these are my opinions, not my company's)




-- Jeff