[1224] in cryptography@c2.net mail archive

Re: Attorneys: RSA patent invalid

daemon@ATHENA.MIT.EDU (Vin McLellan)
Sun Jul 20 03:24:21 1997

Date: Sat, 19 Jul 1997 19:24:42 -0500
To: cryptography@c2.net
From: Vin McLellan <vin@shore.net>

	Apparently after reading Flinn and Jordan's attempt to debunk the
RSA patent <http://www.cyberlaw.com/rsa.html>  Matt Gering
<mgering@ricochet.net> queried the List:

>Would someone have to sue RSA and/or the US PTO in order to invalidate the
>patent, or would they have to violate the patent and successfully defend
>themselves?
>
>I've often wondered why it hasn't been done already.

	To which the always informative John R Levine <johnl@iecc.com>
responded:

>You can request that the patent office reexamine the patent, which is
>what happened to the Comptons multimedia patent, you can file to have it
>declared invalid, or you can disregard it and defend any infringement
>suit that comes along.
>
>The first is very risky because the reexamination isn't a court proceeding,
>just a patent office administrative thing, and if they decide the patent's
>good after all, that strengthens the presumed validity of the patent.  The
>other two are very expensive.

	There is one _other_ possibility as to why the patent hasn't been
challenged by the big (and rich) system and iron companies that have
regularly paid RSADSI royalties over the years.  Their attorneys looked
closely at the RSA patent and decided -- in the peripatetic Bill Stewart's
words over on the Cyberia List -- that it is "simple, elegant, and
straightforward, but not obvious."

	In a word: "solid."

	If Flinn and Jordan's elegant presentation in Cyberlaw charmed
anyone into believing that the RSA's PKC patent has survived "due largely
to luck, bluster, and the naiveté of potential competitors,"  it is worth
remembering that the patent lawyers for companies like Lotus, IBM, Sun,
Microsoft, etc., were apparently of a different opinion.  Those companies
typically have their patent attorneys march into court in phalanx
formation, and none are poor or bashful.  Each of those companies and a
hundred more decided that challenging the RSA patent was a bad bet and
decided to pay instead.

	(I did a stint working for IBM's litigation team, and they were
sharks in $700 suits. Naivete was not a prominent attribute among them.
And neither "luck" nor "bluster" was going to deter them if they got the
scent of weakness or of blood in the water.)

	Flinn has a bone to pick with RSADSI.  As Cylink's attorney he
prepped for the case of his career while Cylink and RSADSI were at each
other's throats, after the dissolution of their licensing partnership.
Flinn (doubtless a Mako himself;-) spent years honing his argument, only to
be left without a stage when Cylink buckled and settled, leaving RSA whole
and in charge of all licenses previously granted by the Cylink/RSA
"partnership."

	Flinn may have overprepped on this one.  The law profs over on
Cyberia-L seem to dismiss most of the Flinn & Jordan exotic patent law
arguments as airy nonsense -- albeit with a sketch of PKC presented
forcefully and with admirable clarity.

	RSADSI may be difficult to avoid if you want to make money off
the RSA patent in the US and Canada, but their negotiators can't be much
tougher than those fielded by the megafirms which adopted RSA as their base
crypto security -- and anything less than tough would have had them eaten
alive by the big boys.

	Also, RSADSI really _worked_ that patent.  It rarely licensed the
"concept," it usually provided the whole implementation, along with
alternatives and complementary code, packaged in a toolkit -- at a price
and under T&Cs that their big customers must have considered fair and
equitable.

	Behind RSA PKC, of course, was the RSA Labs and Ron Rivest (himself
alone a once-in-a-generation creative resource: RC2, RC4, RC5 & MD2, MD4,
MD5.) I know there are some who don't believe that Rivest et al have any
right to claim an intellectual property right on the products of their
creativity -- because it is a cryptographic device, or because it is
manifest in software -- but I presume few who make their living from ideas
would agree. (Although many of us might structure the law differently.)

	RSADSI built its reputation as much on those implementation
toolkits, the creativity of the Labs, and its role as a trusted vendor to
many competitors, as it did on the RSA PKC patent -- but this company was
never a cash cow.  I've heard educated estimates of RSADSI's total
revenues, for all the years prior to its acquisition by Security Dynamics
(SDTI) last year, at $15 million.  Couldn't be much more.  (SEC docs filed
prior to the merger probably give a solid number, but I don't have them
handy.)  This is not the revenue of a firm which was bleeding Corporate
America at the jugular.

	SDTI -- for whom I've been a consultant off and on for years --
paid about $250 million to purchase RSADSI.  (For the three years left of
the RSA PKC patent?  Hardly!  Revenues from the RSA PKC patent won't bring
in a fraction of that.)

	SDTI justified the purchase price on what it felt RSA's wetware
(staff;-), future plans, and reputation among its licensees was worth. I
know the crypto community is still a little shell-shocked at the purchase
price, but Wall Street loved it -- and SDTI, a year later, still thinks it
got a bargain!

	Now you gotta ask yourself: Is it likely that a "corporate
extortionist" or "patent terrorist" could build a reputation among their
customers that so many envy... and others value so?

	Suerte,
		_Vin

"Cryptography is like literacy in the Dark Ages. Infinitely potent, for
good and ill... yet basically an intellectual construct, an idea, which by
its nature will resist efforts to restrict it to bureaucrats and others who
deem only themselves worthy of such Privilege."
_ A thinking man's Creed for Crypto/ vbm.

 *     Vin McLellan + The Privacy Guild + <vin@shore.net>    *
  53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548


