From: "baldwin" <baldwin@RSA.COM (Robert W. Baldwin)>
Date: Thu, 28 Sep 95 12:03:44 PDT
To: baldwin@RSA.COM (Robert W. Baldwin)
Subject: Q&A on the RSA/Cylink legal dispute
Message-ID: <9508288123.AA812314973@snail.rsa.com>
MIME-Version: 1.0
Content-Type: text/plain



        Here is RSA's Question & Answer sheet on the arbitration.
It is available on our web site, www.rsa.com.
                --Bob

______________________________ Forward Header __________________________________

  [RSALogo]   ---------------------------------------------------------------
              Q&A ON THE RSA/CYLINK LEGAL DISPUTE

This page contains general questions that have been brought up to us 
regarding the legal dispute between RSA and Cylink. We are providing these 
answers in hopes that you may better understand the issues.

----------------------------------------------------------------------------

                             September 25, 1995

Q. How did RSA's legal disputes with Cylink begin?

     A. It began in April of 1994 when Cylink filed an Arbitration Demand 
     seeking to have a panel rule that Cylink was entitled to a retroactive 
     patent license to RSA, also called the MIT patent. That was the extent 
     of their Arbitration Demand at that time. The dispute was precipitated 
     by RSA's discovery that Cylink had entered into a secret deal to 
     provide products incorporating the patented MIT technology - even 
     though Cylink knew it did not have a license.
                                ------------------

Q. Why didn't PKP/RSA just sell them one? Isn't that their business?

     A. We offered them one several times. They wanted to pay essentially 
     nothing for it. Although Cylink denied it, the fact that we offered 
     them a license was confirmed by the Arbitrators in their ruling.
                                ------------------

Q. Patents are routinely licensed and royalties routinely paid; why did 
Cylink go to the extraordinary length of suing RSA Data Security to obtain a 
license?

     A. We learned that in April of 1994 Cylink had won, over other bidders, 
     a very substantial business deal with SWIFT (an international banking 
     consortium) to provide X.25 encryption units for use by SWIFT on a 
     worldwide basis. SWIFT had insisted that these products use the RSA 
     patented technology for key management and authentication. Cylink had 
     represented to SWIFT in their April 1994 contract that Cylink had a 
     license to provide RSA technology. But they didn't. Cylink chose to sue 
     us to win a retroactive license rather than simply admit what they had 
     done and pay for a license. Cylink never informed us of their use of 
     RSA or the representation to SWIFT. They never paid a penny to PKP or 
     RSA for their unlicensed use of the RSA technology. They never even put 
     any royalties aside. None of these facts are in dispute and are all a 
     matter of public record.
                                ------------------

Q. How did the litigation go beyond a limited Arbitration over a license?

     A. We didn't understand it at the time, but it's obvious now. While 
     more claims and counterclaims were added to the Arbitration demand, 
     Cylink knew of their SWIFT problem and other similar problems; we 
     didn't. We believe that they were desperately trying to cover their 
     unlicensed use of RSA by trying to litigate us into submission before 
     it was discovered. It didn't work.
                                ------------------

Q. What were the additional claims by each side?

     A. Charges were made by each RSA and Cylink that the other had breached 
     the exclusive licensing authority of PKP among other wrongful acts. 
     This brought a second set of issues for the Arbitrators. Finally, both 
     parties asked to have PKP dissolved as we obviously could not continue 
     as business partners; this was the third issue to be decided. It's 
     quite clear in the Arbitration Panel's ruling that there were only 
     three issues to be decided: (a) is Cylink entitled to a retroactive 
     license to use RSA; (b) did either party breach the Partnership 
     Agreement; and (c) should PKP be dissolved. The answers were no, no, 
     and yes.
                                ------------------

Q. If that's true, then how does Cylink claim that the Panel's ruling 
determined that RSA software customers are infringing the Stanford patents?

     A. The Arbitration Panel did not determine that the use of RSA software 
     by RSA licensees or that the practice of RSA infringes the Stanford 
     patents. It is most certainly true that the ruling was very limited; the 
     Ruling itself starts out by stating the questions. The Panel did not, 
     under any interpretation, rule on patent validity or determine that 
     anyone was infringing. Cylink's claims to the contrary, along with their 
     claims that somehow Cylink can rely on the Ruling to prove infringement 
     is simply not true and ignores many other facts.
                                ------------------

Q. What other facts?

     A. The Panel's ruling was very specific. Everything it said about third 
     parties, including RSA customers who use software, refers to their need 
     for patent licenses. If you bought software from RSA and RSA itself had 
     the rights to make that software and license it to you, you don't need 
     a separate patent license; rights to the patents came with the product. 
     The Ruling also states, "RSA has a right to license its software."
                                ------------------

Q. Under what circumstances would you need a separate patent license?

     A. If you want to make your own product -as opposed to buying one, such 
     as RSA's software- you need a patent license. If you bought a software 
     product but didn't use it, meaning you wrote your own, or re-wrote it, 
     then you may need a separate patent license to do that. We believe the 
     Panel was simply making it clear that just because you bought software 
     from RSA, that fact alone doesn't mean you are free from the need for a 
     separate patent license if you're not using the RSA software and making 
     your own. You didn't get an explicit patent license with the software, 
     you got rights under the patents as necessary to use the software. If 
     you're using RSA's software -you didn't write your own- you don't need 
     a separate patent license under either the MIT or Stanford patents.
                                ------------------

Q. Are there other relevant facts that Cylink has ignored?

     A. Perhaps the most important fact that Cylink is carefully ignoring is 
     that Cylink knows RSA did indeed have rights to make products under the 
     MIT and Stanford patents. Cylink, for over five years, knowing full 
     well what RSA sold and how, has not only referred customers to us, but 
     in some cases where the customer was being cautious, Cylink confirmed 
     to them in writing at their request that no separate patent licenses 
     were necessary if they licensed RSA software. In other words, prospects 
     of RSA's went to Cylink and said, "We're going to license this software 
     from RSA. Do we need separate patent licenses from Cylink or PKP?" 
     Cylink confirmed the answer - no. (And those companies then did in fact 
     license our software. Cylink didn't turn around and sue them.) This 
     alone should deter Cylink from bringing infringement suits against RSA 
     customers. Nothing in the Panel's ruling changes any part of these 
     facts. In fact, Cylink acknowledgment that RSA had such rights came out 
     in the Arbitration proceeding itself. It's a matter of record. Cylink 
     would also not like anyone to be aware that a suit was filed in Federal 
     Court in 1994 to invalidate the Stanford patents, and that a ruling is 
     due in December.
                                ------------------

Q. How is RSA protecting its customers from action by Cylink?

     A. We have filed a Declaratory Relief Action in Federal Court. In that 
     action, we have essentially said that Cylink is estopped -prevented- 
     from taking action against anyone for infringing the Stanford patents 
     for several reasons. The main reason is that companies who licensed 
     software from RSA Data Security rather than "build their own" software 
     do not need separate licenses to the MIT or Stanford patents. Since 
     Cylink has confirmed this many times since 1990, they should not sue 
     anyone for infringement. Another reason is that the Stanford patents 
     are unenforceable and/or invalid. This action by RSA means that any 
     suit brought by Cylink against anyone for infringement of the Stanford 
     patents should be stopped until the resolution of the Declaratory 
     Relief action, and Cylink will have to prevail on all the points above 
     before they can assert any infringement. We have also indemnified our 
     customers against claims such as those implicitly threatened by Cylink. 
     RSA intends to stand behind these indemnity agreements fully. Anyone 
     can bring a lawsuit for just about any reason. If Cylink tries to sue 
     an RSA customer, RSA has both the determination and the resources to 
     defend any such action. Read the Cylink press release carefully. Cylink 
     huffs and puffs a lot, but is not directly threatening to sue anyone 
     -that would mean they would be forced to fight the virtually impossible 
     battle of prevailing on every point in our Declaratory Relief action- 
     but instead are saying that buying a license can eliminate any risk.
                                ------------------

Q. Has anyone else challenged the Stanford patents?

     A. A suit was filed in Federal Court last year by Roger Schlafly to 
     invalidate the Stanford patents. A ruling is due in December. From what 
     we've seen, Schlafly's claims raise disturbing questions about the 
     Stanford patents. This whole business of the Stanford patents may be 
     moot in a few months. There may be no risk - and no need to try to get 
     any money back from Cylink.
                                ------------------

Q. What will be the significance of PKP being dissolved?

     A. The most important change we see is that licenses to the MIT patent 
     will be available for the first time in over five years without Cylink 
     interference. * There is a tremendous amount of pent-up demand, and we 
     are very busy filling it. Many of the largest companies in Europe, Asia, 
     and the US are purchasing licenses to bring RSA-based products to 
     market, including many low-cost chips and smart cards. We have already 
     licensed a number of large and small companies that are bringing 
     RSA-based electronic commerce, access control, and Internet security 
     systems to market; we expect many, many more.
                                ------------------

Q. Why can't RSA and Cylink simply settle their differences?

     A. That's a good question. The fact is that RSA recognizes this 
     litigation is not beneficial to anyone and has offered to settle the 
     dispute by granting Cylink a license to the MIT patent. Cylink has 
     consistently overestimated the strength of its legal position and has 
     refused all reasonable offers. Cylink now finds itself in the 
     unenviable position of trying to sell its security products without RSA 
     technology - which is the de facto industry standard. No amount of 
     "spin doctoring" in press releases by Cylink changes that fact.
                                ------------------

* During its existence from April of 1990 until September of this year, PKP 
could not grant any license without the approval of both partners. As a 
result of PKP's dissolution, the rights to the Stanford patents were 
returned to Cylink, and the exclusive right to license the MIT patent (RSA) 
was returned to RSA Data Security, Inc. Cylink currently has no rights to 
sell any products incorporating the MIT patented technology.

---------------------------------------------------------------------------- 
(C) 1995 RSA Data Security, Inc. All rights reserved.
Permission granted for unlimited reproduction and distribution unmodified.