From: “baldwin” <baldwin@RSA.COM (Robert W. Baldwin)>
To: baldwin@RSA.COM (Robert W. Baldwin)
Message Hash: 6e0d20479d0ad12a2eb2fe8f98b0ac22256d7c495dd6ad9894e1fbc0f060a1dc
Message ID: <9508288123.AA812314973@snail.rsa.com>
Reply To: N/A
UTC Datetime: 1995-09-28 19:03:44 UTC
Raw Date: Thu, 28 Sep 95 12:03:44 PDT
From: "baldwin" <baldwin@RSA.COM (Robert W. Baldwin)>
Date: Thu, 28 Sep 95 12:03:44 PDT
To: baldwin@RSA.COM (Robert W. Baldwin)
Subject: Q&A on the RSA/Cylink legal dispute
Message-ID: <9508288123.AA812314973@snail.rsa.com>
MIME-Version: 1.0
Content-Type: text/plain
Here is RSA's Question & Answer sheet on the arbitration.
It is available on our web site, www.rsa.com.
--Bob
______________________________ Forward Header __________________________________
[RSALogo] ---------------------------------------------------------------
Q&A ON THE RSA/CYLINK LEGAL DISPUTE
This page contains general questions that have been brought up to us
regarding the legal dispute between RSA and Cylink. We are providing these
answers in hopes that you may better understand the issues.
----------------------------------------------------------------------------
September 25, 1995
Q. How did RSA's legal disputes with Cylink begin?
A. It began in April of 1994 when Cylink filed an Arbitration Demand
seeking to have a panel rule that Cylink was entitled to a retroactive
patent license to RSA, also called the MIT patent. That was the extent
of their Arbitration Demand at that time. The dispute was precipitated
by RSA's discovery that Cylink had entered into a secret deal to
provide products incorporating the patented MIT technology - even
though Cylink knew it did not have a license.
------------------
Q. Why didn't PKP/RSA just sell them one? Isn't that their business?
A. We offered them one several times. They wanted to pay essentially
nothing for it. Although Cylink denied it, the fact that we offered
them a license was confirmed by the Arbitrators in their ruling.
------------------
Q. Patents are routinely licensed and royalties routinely paid; why did
Cylink go to the extraordinary length of suing RSA Data Security to obtain a
license?
A. We learned that in April of 1994 Cylink had won, over other bidders,
a very substantial business deal with SWIFT (an international banking
consortium) to provide X.25 encryption units for use by SWIFT on a
worldwide basis. SWIFT had insisted that these products use the RSA
patented technology for key management and authentication. Cylink had
represented to SWIFT in their April 1994 contract that Cylink had a
license to provide RSA technology. But they didn't. Cylink chose to sue
us to win a retroactive license rather than simply admit what they had
done and pay for a license. Cylink never informed us of their use of
RSA or the representation to SWIFT. They never paid a penny to PKP or
RSA for their unlicensed use of the RSA technology. They never even put
any royalties aside. None of these facts are in dispute and are all a
matter of public record.
------------------
Q. How did the litigation go beyond a limited Arbitration over a license?
A. We didn't understand it at the time, but it's obvious now. While
more claims and counterclaims were added to the Arbitration demand,
Cylink knew of their SWIFT problem and other similar problems; we
didn't. We believe that they were desperately trying to cover their
unlicensed use of RSA by trying to litigate us into submission before
it was discovered. It didn't work.
------------------
Q. What were the additional claims by each side?
A. Charges were made by each RSA and Cylink that the other had breached
the exclusive licensing authority of PKP among other wrongful acts.
This brought a second set of issues for the Arbitrators. Finally, both
parties asked to have PKP dissolved as we obviously could not continue
as business partners; this was the third issue to be decided. It's
quite clear in the Arbitration Panel's ruling that there were only
three issues to be decided: (a) is Cylink entitled to a retroactive
license to use RSA; (b) did either party breach the Partnership
Agreement; and (c) should PKP be dissolved. The answers were no, no,
and yes.
------------------
Q. If that's true, then how does Cylink claim that the Panel's ruling
determined that RSA software customers are infringing the Stanford patents?
A. The Arbitration Panel did not determine that the use of RSA software
by RSA licensees or that the practice of RSA infringes the Stanford
patents. It is most certainly true that the ruling was very limited; the
Ruling itself starts out by stating the questions. The Panel did not,
under any interpretation, rule on patent validity or determine that
anyone was infringing. Cylink's claims to the contrary, along with their
claims that somehow Cylink can rely on the Ruling to prove infringement
is simply not true and ignores many other facts.
------------------
Q. What other facts?
A. The Panel's ruling was very specific. Everything it said about third
parties, including RSA customers who use software, refers to their need
for patent licenses. If you bought software from RSA and RSA itself had
the rights to make that software and license it to you, you don't need
a separate patent license; rights to the patents came with the product.
The Ruling also states, "RSA has a right to license its software."
------------------
Q. Under what circumstances would you need a separate patent license?
A. If you want to make your own product -as opposed to buying one, such
as RSA's software- you need a patent license. If you bought a software
product but didn't use it, meaning you wrote your own, or re-wrote it,
then you may need a separate patent license to do that. We believe the
Panel was simply making it clear that just because you bought software
from RSA, that fact alone doesn't mean you are free from the need for a
separate patent license if you're not using the RSA software and making
your own. You didn't get an explicit patent license with the software,
you got rights under the patents as necessary to use the software. If
you're using RSA's software -you didn't write your own- you don't need
a separate patent license under either the MIT or Stanford patents.
------------------
Q. Are there other relevant facts that Cylink has ignored?
A. Perhaps the most important fact that Cylink is carefully ignoring is
that Cylink knows RSA did indeed have rights to make products under the
MIT and Stanford patents. Cylink, for over five years, knowing full
well what RSA sold and how, has not only referred customers to us, but
in some cases where the customer was being cautious, Cylink confirmed
to them in writing at their request that no separate patent licenses
were necessary if they licensed RSA software. In other words, prospects
of RSA's went to Cylink and said, "We're going to license this software
from RSA. Do we need separate patent licenses from Cylink or PKP?"
Cylink confirmed the answer - no. (And those companies then did in fact
license our software. Cylink didn't turn around and sue them.) This
alone should deter Cylink from bringing infringement suits against RSA
customers. Nothing in the Panel's ruling changes any part of these
facts. In fact, Cylink acknowledgment that RSA had such rights came out
in the Arbitration proceeding itself. It's a matter of record. Cylink
would also not like anyone to be aware that a suit was filed in Federal
Court in 1994 to invalidate the Stanford patents, and that a ruling is
due in December.
------------------
Q. How is RSA protecting its customers from action by Cylink?
A. We have filed a Declaratory Relief Action in Federal Court. In that
action, we have essentially said that Cylink is estopped -prevented-
from taking action against anyone for infringing the Stanford patents
for several reasons. The main reason is that companies who licensed
software from RSA Data Security rather than "build their own" software
do not need separate licenses to the MIT or Stanford patents. Since
Cylink has confirmed this many times since 1990, they should not sue
anyone for infringement. Another reason is that the Stanford patents
are unenforceable and/or invalid. This action by RSA means that any
suit brought by Cylink against anyone for infringement of the Stanford
patents should be stopped until the resolution of the Declaratory
Relief action, and Cylink will have to prevail on all the points above
before they can assert any infringement. We have also indemnified our
customers against claims such as those implicitly threatened by Cylink.
RSA intends to stand behind these indemnity agreements fully. Anyone
can bring a lawsuit for just about any reason. If Cylink tries to sue
an RSA customer, RSA has both the determination and the resources to
defend any such action. Read the Cylink press release carefully. Cylink
huffs and puffs a lot, but is not directly threatening to sue anyone
-that would mean they would be forced to fight the virtually impossible
battle of prevailing on every point in our Declaratory Relief action-
but instead are saying that buying a license can eliminate any risk.
------------------
Q. Has anyone else challenged the Stanford patents?
A. A suit was filed in Federal Court last year by Roger Schlafly to
invalidate the Stanford patents. A ruling is due in December. From what
we've seen, Schlafly's claims raise disturbing questions about the
Stanford patents. This whole business of the Stanford patents may be
moot in a few months. There may be no risk - and no need to try to get
any money back from Cylink.
------------------
Q. What will be the significance of PKP being dissolved?
A. The most important change we see is that licenses to the MIT patent
will be available for the first time in over five years without Cylink
interference. * There is a tremendous amount of pent-up demand, and we
are very busy filling it. Many of the largest companies in Europe, Asia,
and the US are purchasing licenses to bring RSA-based products to
market, including many low-cost chips and smart cards. We have already
licensed a number of large and small companies that are bringing
RSA-based electronic commerce, access control, and Internet security
systems to market; we expect many, many more.
------------------
Q. Why can't RSA and Cylink simply settle their differences?
A. That's a good question. The fact is that RSA recognizes this
litigation is not beneficial to anyone and has offered to settle the
dispute by granting Cylink a license to the MIT patent. Cylink has
consistently overestimated the strength of its legal position and has
refused all reasonable offers. Cylink now finds itself in the
unenviable position of trying to sell its security products without RSA
technology - which is the de facto industry standard. No amount of
"spin doctoring" in press releases by Cylink changes that fact.
------------------
* During its existence from April of 1990 until September of this year, PKP
could not grant any license without the approval of both partners. As a
result of PKP's dissolution, the rights to the Stanford patents were
returned to Cylink, and the exclusive right to license the MIT patent (RSA)
was returned to RSA Data Security, Inc. Cylink currently has no rights to
sell any products incorporating the MIT patented technology.
----------------------------------------------------------------------------
(C) 1995 RSA Data Security, Inc. All rights reserved.
Permission granted for unlimited reproduction and distribution unmodified.
Return to September 1995
Return to “Jeff Barber <jeffb@sware.com>”