1995-09-27 - (fwd) CYLINK Q&A on PKP Arbitration Decision

Header Data

From: Childers James <ic58@jove.acs.unt.edu>
To: cypherpunks@toad.com
Message Hash: 53d5d7b9e7dd79098c08e241a3dad31cc9243350a63865952b05642003d79a5e
Message ID: <199509271910.OAA23774@jove.acs.unt.edu>
Reply To: N/A
UTC Datetime: 1995-09-27 19:13:07 UTC
Raw Date: Wed, 27 Sep 95 12:13:07 PDT

Raw message

From: Childers James <ic58@jove.acs.unt.edu>
Date: Wed, 27 Sep 95 12:13:07 PDT
To: cypherpunks@toad.com
Subject: (fwd) CYLINK Q&A on PKP Arbitration Decision
Message-ID: <199509271910.OAA23774@jove.acs.unt.edu>
MIME-Version: 1.0
Content-Type: text/plain


Newsgroups: sci.crypt,talk.politics.crypto,alt.security.pgp
Path: news.unt.edu!cs.utexas.edu!howland.reston.ans.net!ix.netcom.com!netcom.com!jkennedy
From: jkennedy@netcom.com (John Kennedy)
Subject: CYLINK Q&A on PKP Arbitration Decision
Message-ID: <jkennedyDFK1tA.57D@netcom.com>
Keywords: Cylink, PKP, RSA, Public Key
Organization: CYLINK
Date: Wed, 27 Sep 1995 08:19:58 GMT
Lines: 277
Sender: jkennedy@netcom23.netcom.com
Xref: news.unt.edu sci.crypt:39749 talk.politics.crypto:12787 alt.security.pgp:43387

-----------------------------------------------------------------
CYLINK Q&A on PKP ARBITRATION

The following statement from Cylink Corporation has been posted to
sci.crypt, talk.politics.crypto, and alt.security.pgp since we
believe it will be of interest to a large and diverse set of readers. 
Please choose the appropriate newsgroup(s) to direct any follow-
ups.

A copy of this statement is also being placed on Cylink web page
(http://www.cylink.com).  Additional related materials and updates 
will also appear there.

Feel free to distribute this statement to other appropriate
newsgroups, mailing lists, and individuals.

-John C. Kennedy, Cylink Corporation 
 {ph: 408.735.5885 , jkennedy@cylink.com}

---------------------- Cylink Corporation -------------------------

September 26, 1995

IMPACT OF CYLINK VS. RSA ARBITRATION AWARD
FREQUENTLY ASKED QUESTIONS
     
Q. Why is the recent arbitration award between Cylink and RSA Data
Security significant for RSA's licensees and vendors of public key
cryptography in general?
     
     A. The arbitration award is important to RSA's licensees for
     two reasons:
     
     First, the award makes it very clear that RSA does not have
     the right to authorize its customers to copy RSA's software;
     it doesn't matter whether the RSA customer is merely copying
     object code versions of RSA's products. The right to copy RSA
     software requires a patent license.
     
     Second, until now RSA has claimed itself to be the de facto
     standard in public key cryptography.  This claim was possible
     only so long as RSA could prevent its competitors from getting
     patent licenses from Public Key Partners.  Now that the
     arbitrators have dissolved PKP, Cylink can enable vendors to
     practice low cost public key technology without the use of
     RSA.  The market will finally enjoy vigorous competition based
     on technology and price.
     
Q. In a recent statement, RSA's president still makes the claim
that the use of RSA software does not require a separate patent
license.  Is that true?
     
     A. That statement is not true for any RSA licensee who needs
     the right to copy RSA software.  The heart of RSA's business
     is licensing so-called tool kits; the vendor takes one copy,
     incorporates it into the vendor's own product and then makes
     all of its own copies.  The only RSA customers who don't need
     a patent license are those who don't copy RSA software.
     
Q. That could be pretty serious for RSA and its customers.  Can you
back up this statement?
     
     A. Absolutely.  Read the arbitrators' award at p. 14.  If you
     haven't received a copy from RSA you can find it on Cylink's
     home page (http://www.cylink.com).  

     Don't take our word for it.  When RSA's own attorneys pleaded
     with the arbitrators to change their decision, they admitted
     that "... every single RSA licensee will now be required to
     obtain a Stanford Patent License from Cylink or run the risk
     of being sued" (ask RSA for a copy its attorneys' letter dated
     September 7).  In a second decision dated September 12, the
     arbitrators flatly rejected RSA's pleas and confirmed their
     restrictions on the rights of RSA's customers. (a copy is also
     available from Cylink's home page).
     
Q. RSA's president promises to indemnify all of its customers.  Why
should they be concerned?
     
     A. If you compare RSA's size against the size and number of
     its customers copying RSA's software, one should ask whether
     RSA's pockets are deep enough to reimburse its customers for
     the damage RSA has caused.
     
Q. Did RSA know it did not have all of the rights it promised its
customers in RSA's software licenses?
     
     A. Shortly after RSA gave up its patent rights to PKP, Cylink
     began warning RSA that its did not have all of the rights it
     was promising some of its customers. Unfortunately, Cylink had
     to finally bring the arbitration to straighten this out. 
     
Q. Why do RSA's customers need a license to the Stanford patents
simply to copy RSA's software?
     
     A. Two reasons.  The Stanford Hellman-Merkle patent is the
     very first patent to describe Dr. Hellman's brilliant
     invention of public key cryptography.  All subsequent
     refinements on this pioneer patent which implement Dr.
     Hellman's concept, such as the RSA algorithm, require a
     license to Dr. Hellman's patent.  
    
     Secondly, the Diffie-Hellman key exchange technique is a
     standard feature in many of RSA's tool kits, which is also
     covered by Stanford's Diffie-Hellman patent.  Finally, if RSA
     were correct in its statements that you don't need a Stanford
     license to use RSA's software, why would they embark on yet
     another expensive lawsuit to attack the patents?
     
Q. Isn't the Hellman-Merkle patent limited to practicing something
called the knapsack?
     
     A. No.  As the pioneer patent in public key, the inventors
     were required to disclose only one implementation to support
     their ground breaking invention.  Even if no one is using the
     knapsack itself, this particular patent continues to cover all
     practice of public key.  Only improvements, such as the RSA
     algorithm described in MIT's patent, are limited to the
     specific enablement described in the patent.
     
     Again, don't just take our word for it.  RSA itself admits
     that RSA software is covered by these patents.  Just look at
     their license for RSAREF, Paragraph 6 (before they have time
     to change it).
     
Q. But RSA has now brought suit to invalidate the Stanford Patents. 
Doesn't this protect RSA's customers?
     
     A. RSA's attempt to invalidate the very patents it had been
     licensing as a partner in PKP does nothing for RSA's
     customers.  First of all, the fact that someone else is
     challenging the validity of a patent doesn't make an infringer
     immune from suit.  RSA's challenge to the Stanford patent
     would not prevent Cylink from suing and obtaining damages and
     an injunction against any infringer.  (Indemnity for damages,
     by the way, is cold comfort if an RSA customer is enjoined
     from selling any public key software.)
     
     Second, anyone who waits around for RSA's case to be resolved
     is taking a big gamble.  Patents are presumed valid and RSA
     will have to prove invalidity under the "clear and convincing"
     burden of proof (which is higher than the traditional
     "preponderance of the evidence" standard and just below the
     criminal "reasonable doubt" standard).  If RSA looses the
     suit, all of its customers will be left hanging.  An RSA
     indemnity won't be worth much if RSA goes into bankruptcy.
     
Q. RSA claims that Cylink "confirmed" to RSA licensees "in writing"
"that no separate patent licenses were necessary if they licensed
RSA software."  Is this true?
     
     A. No.  During the arbitration, however, one prospective RSA
     licensee approached Cylink and said that RSA kept assuring
     them that they didn't need a patent license to make their own
     copies of RSA public key software, but they had gotten
     suspicious when their own lawyers looked at the question
     closely.  Cylink told the prospect that a patent license was
     needed for some of their projects, but in this instance Cylink
     would not interfere with the pending RSA deal.  

     RSA customers who take the initiative and contact Cylink (as
     in this special case) can expect cooperation in resolving the
     patent problem.
     
Q. Why was PKP formed?
     
     A. Cylink formed PKP with RSA to pool both parties' rights to
     the Stanford and MIT patents, promote public key technology,
     and generate licensing revenue for the partners, the
     universities which owned the patents, and the inventors. 
      
Q. Why was PKP dissolved?
     
     A. Obviously great animosity has grown between the parties. 
     The main reason is that RSA frustrated Cylink's efforts to
     settle the U.S. Government's efforts to license the Digital
     Signature Standard. Now that Cylink has the Stanford patents
     back, the DSS as well as other public key techniques can begin
     competing with RSA in the market.  
     
Q. How will these public key implementations compete with RSA?
Isn't RSA a "de facto" standard?
     
     A. If anything, RSA software (which includes Stanford
     algorithms such as Diffie-Hellman) has been prevalent by
     "default" - not by choice.  Now the market will have a choice
     between multiple vendors competing on price as well as
     technical implementation.  Only after RSA's software faces the
     test of competition can it fairly claim to be a standard.
     
Q. In his recent statement, RSA's president makes numerous
accusations about Cylink's use of the RSA algorithm.  What are the
facts?
     
     A. The arbitrators award is very clear that Cylink in fact has
     certain rights to license the MIT patent.  Specifically,
     Cylink has an option to license the MIT patent provided it
     uses some software provided by RSA.  This places Cylink in a
     better position than RSA's other customers who have no rights
     to the Stanford patents.  

     It is important to remember that Cylink built its business for
     the last ten years on the use of Stanford public key
     technology - which proves our point that you don't need RSA or
     its software to practice public key.
     
Q. Doesn't Cylink use the RSA algorithm in one of its products.
     
     A. Yes, and only one.  What RSA fails to mention is that
     Cylink's largest customer, SWIFT, already holds its own PKP
     license which the arbitrators forced RSA to grant.  This
     license allows Cylink to make the product for SWIFT.
     
Q. RSA claims that Cylink was offered a license to the RSA Patent,
and that Cylink turned it down.  Is that true?  
     
     A. Like a lot of what RSA says, it's a half-truth.  In June,
     1994, RSA did offer a patent license, and Cylink did turn it
     down.  Why?  Because a condition of the license was that
     Cylink release RSA for all liability for its licensing
     practices.  In other words, the price for the license was more
     than just the royalty.  Cylink was being asked to forgive RSA
     for the wrongs it committed over the years, and this Cylink
     would not do.
     
Q. Why did Cylink decide to use RSA is this one product?
     
     A. During PKP's existence, RSA frequently sought Cylink's
     support for its technology by asking Cylink to use RSA.  While
     RSA now tells a different story, RSA's own newsletter (see,
     for example RSA's "Ciphertext" Fall 1993 issue) and corporate
     profile frequently promoted Cylink's use of RSA long before
     the parties fell into their dispute over licensing DSS. 
     Having cooperated with RSA, and agreed to use their technology
     in one product, RSA tried to blackmail Cylink to stop PKP's
     settlement with the Government.
     
     In any event, the restrictions imposed by the arbitrators on
     RSA's licensing business are far more severe than the minor
     inconvenience Cylink may experience in retro-fitting its
     product with Stanford technology.
     
Q. What will Cylink do with the Stanford patents now?
     
     A. Before the arbitrators' decision many of RSA's customers
     had no reason to doubt RSA's word.  Those RSA customers who
     now come forward will be offered very favorable agreements.
     Cylink is more interested in establishing commercial
     relationships with RSA's licensees and promoting public key
     technology than in disrupting existing business.  
     
Q. Will Cylink attempt to stop the non-commercial use of public key
(such as in PGP)?
     
     A. No.  Although, technically, a Stanford patent license is
     needed for the public domain software such as PGP, Cylink
     intends to promote the use of public key on the Internet. 
     Cylink intends to announce a royalty-free license for personal
     use after meeting with a spokesperson for the PGP community. 
     Watch Cylink's home page for details. (http://www.cylink.com)
     
Q. What advice can you give?
     
     A. Get the facts first.  Read the arbitrators decision,
     including their September 12 ruling which denied RSA's request
     for modification.  Then call us.  

     (Call Bob Fougner at 408-735-5893, fax 408-735-6642, e-mail:
     fougner@cylink.com).

---------------------- Cylink Corporation -------------------------

John Kennedy 
Cylink Corporation
408-735-5885
jkennedy@cylink.com


--
"Freedom is meaningless unless  | ic58@jove.acs.unt.edu - James Childers
 you can give to those with whom| No man's freedom is safe
 you disagree." - Jefferson     |    while Congress is in session
        EA 73 53 12 4E 08 27 6C   21 64 28 51 92 0E 7C F7





Thread