ip: Summary of RSA/Cylink Situation (was Re: Speaking of

[David Farber <farber () central cis upenn edu>]

John R Levine  <johnl () iecc com> wrote:


> I got a press release today that said that Cylink had won its patent
> suit against RSA, and the court agreed that RSA had infringed Cylink's
> patents on public key encryption.


It's unfortunately much more complex than this.  The dispute went to
arbitration, where a ruling was made.  Strangely, both parties now
claim to have won completely.  I've never seen two interrpretations of
any legal document that are so different.


There are actually two batches of patents involved in the suit, some
from work done at MIT and some from Stanford.  The MIT patents cover
the RSA cryptosystem (a public key encrytion technique discovered by
the founders of RSA Data Security, or RSADSI, which is a company),
while the Stanford patents include Diffie-Hellman exponential key
exchange and the original idea of public key cryptography.  There are
other ways to do public key cryptography besides RSA, though RSA is
simpler and more popular than the other techniques.  The Stanford
patents, however, appear to cover the whold field of public key
cryptography.


Before this recent ruling, all the patents were controlled by Public
Key Partners (PKP), which was run by Jim Bidzos.  PKP was a
partnership including Stanford, MIT, Cylink, and RSADSI and was run by
Jim Bidzos, president of RSADSI.  Cylink wanted to use and license the
patents on its own, but was blocked by PKP, which started the whole
mess.


RSADSI has been selling toolkits that let people use technologies
covered in the Stanford patents, and Cylink now claims that RSADSI
didn't have rights to do this.  Cylink has reportedly threatened to
charge RSADSI's customers $50,000 each for using patents that weren't
licensed correctly.  RSA has now taken to claiming that the Stanford
patents are invalid, to prevent Cylink from harrassing their
customers.  I think RSA is probably right here, since the Stanford
patents weren't filed properly.  (For example, they were submitted
more than a year after the publication of the techniques they cover.)


Meanwhile Cylink wants to be able to use the RSA cryptosystem without
paying royalties to RSADSI, so they seem to now be claiming that the
MIT patents are invalid!  These patents actually seem fairly strong to
me, so I don't think this claim would be likely to make it very far.


Hopefully we'll know more soon about the situation.  The outcome will
have a big impact on the ability of companies to make and sell
products using cryptography in the USA.  Anything from encrypted
encrypted telephones to secure e-mail to Internet commerce need public
key technologies, so the outcome of the lawyering is quite important.
Currently the patent licensing situation is a huge expensive mess for
anyone trying to bring a product to market, and I'm hopeful that as a
result of all this we'll soon have non-patented ways of doing public
key cryptography.




Cheers,


Paul C. Kocher   Independent cryptography/data security consultant
E-mail: pck () netcom com                     Voice/FAX: 415-354-8004