Here is RSA's Question & Answer sheet on the arbitration. It is available on our web site, www.rsa.com. --Bob ______________________________ Forward Header __________________________________ [RSALogo] --------------------------------------------------------------- Q&A ON THE RSA/CYLINK LEGAL DISPUTE This page contains general questions that have been brought up to us regarding the legal dispute between RSA and Cylink. We are providing these answers in hopes that you may better understand the issues. ---------------------------------------------------------------------------- September 25, 1995 Q. How did RSA's legal disputes with Cylink begin? A. It began in April of 1994 when Cylink filed an Arbitration Demand seeking to have a panel rule that Cylink was entitled to a retroactive patent license to RSA, also called the MIT patent. That was the extent of their Arbitration Demand at that time. The dispute was precipitated by RSA's discovery that Cylink had entered into a secret deal to provide products incorporating the patented MIT technology - even though Cylink knew it did not have a license. ------------------ Q. Why didn't PKP/RSA just sell them one? Isn't that their business? A. We offered them one several times. They wanted to pay essentially nothing for it. Although Cylink denied it, the fact that we offered them a license was confirmed by the Arbitrators in their ruling. ------------------ Q. Patents are routinely licensed and royalties routinely paid; why did Cylink go to the extraordinary length of suing RSA Data Security to obtain a license? A. We learned that in April of 1994 Cylink had won, over other bidders, a very substantial business deal with SWIFT (an international banking consortium) to provide X.25 encryption units for use by SWIFT on a worldwide basis. SWIFT had insisted that these products use the RSA patented technology for key management and authentication. Cylink had represented to SWIFT in their April 1994 contract that Cylink had a license to provide RSA technology. But they didn't. Cylink chose to sue us to win a retroactive license rather than simply admit what they had done and pay for a license. Cylink never informed us of their use of RSA or the representation to SWIFT. They never paid a penny to PKP or RSA for their unlicensed use of the RSA technology. They never even put any royalties aside. None of these facts are in dispute and are all a matter of public record. ------------------ Q. How did the litigation go beyond a limited Arbitration over a license? A. We didn't understand it at the time, but it's obvious now. While more claims and counterclaims were added to the Arbitration demand, Cylink knew of their SWIFT problem and other similar problems; we didn't. We believe that they were desperately trying to cover their unlicensed use of RSA by trying to litigate us into submission before it was discovered. It didn't work. ------------------ Q. What were the additional claims by each side? A. Charges were made by each RSA and Cylink that the other had breached the exclusive licensing authority of PKP among other wrongful acts. This brought a second set of issues for the Arbitrators. Finally, both parties asked to have PKP dissolved as we obviously could not continue as business partners; this was the third issue to be decided. It's quite clear in the Arbitration Panel's ruling that there were only three issues to be decided: (a) is Cylink entitled to a retroactive license to use RSA; (b) did either party breach the Partnership Agreement; and (c) should PKP be dissolved. The answers were no, no, and yes. ------------------ Q. If that's true, then how does Cylink claim that the Panel's ruling determined that RSA software customers are infringing the Stanford patents? A. The Arbitration Panel did not determine that the use of RSA software by RSA licensees or that the practice of RSA infringes the Stanford patents. It is most certainly true that the ruling was very limited; the Ruling itself starts out by stating the questions. The Panel did not, under any interpretation, rule on patent validity or determine that anyone was infringing. Cylink's claims to the contrary, along with their claims that somehow Cylink can rely on the Ruling to prove infringement is simply not true and ignores many other facts. ------------------ Q. What other facts? A. The Panel's ruling was very specific. Everything it said about third parties, including RSA customers who use software, refers to their need for patent licenses. If you bought software from RSA and RSA itself had the rights to make that software and license it to you, you don't need a separate patent license; rights to the patents came with the product. The Ruling also states, "RSA has a right to license its software." ------------------ Q. Under what circumstances would you need a separate patent license? A. If you want to make your own product -as opposed to buying one, such as RSA's software- you need a patent license. If you bought a software product but didn't use it, meaning you wrote your own, or re-wrote it, then you may need a separate patent license to do that. We believe the Panel was simply making it clear that just because you bought software from RSA, that fact alone doesn't mean you are free from the need for a separate patent license if you're not using the RSA software and making your own. You didn't get an explicit patent license with the software, you got rights under the patents as necessary to use the software. If you're using RSA's software -you didn't write your own- you don't need a separate patent license under either the MIT or Stanford patents. ------------------ Q. Are there other relevant facts that Cylink has ignored? A. Perhaps the most important fact that Cylink is carefully ignoring is that Cylink knows RSA did indeed have rights to make products under the MIT and Stanford patents. Cylink, for over five years, knowing full well what RSA sold and how, has not only referred customers to us, but in some cases where the customer was being cautious, Cylink confirmed to them in writing at their request that no separate patent licenses were necessary if they licensed RSA software. In other words, prospects of RSA's went to Cylink and said, "We're going to license this software from RSA. Do we need separate patent licenses from Cylink or PKP?" Cylink confirmed the answer - no. (And those companies then did in fact license our software. Cylink didn't turn around and sue them.) This alone should deter Cylink from bringing infringement suits against RSA customers. Nothing in the Panel's ruling changes any part of these facts. In fact, Cylink acknowledgment that RSA had such rights came out in the Arbitration proceeding itself. It's a matter of record. Cylink would also not like anyone to be aware that a suit was filed in Federal Court in 1994 to invalidate the Stanford patents, and that a ruling is due in December. ------------------ Q. How is RSA protecting its customers from action by Cylink? A. We have filed a Declaratory Relief Action in Federal Court. In that action, we have essentially said that Cylink is estopped -prevented- from taking action against anyone for infringing the Stanford patents for several reasons. The main reason is that companies who licensed software from RSA Data Security rather than "build their own" software do not need separate licenses to the MIT or Stanford patents. Since Cylink has confirmed this many times since 1990, they should not sue anyone for infringement. Another reason is that the Stanford patents are unenforceable and/or invalid. This action by RSA means that any suit brought by Cylink against anyone for infringement of the Stanford patents should be stopped until the resolution of the Declaratory Relief action, and Cylink will have to prevail on all the points above before they can assert any infringement. We have also indemnified our customers against claims such as those implicitly threatened by Cylink. RSA intends to stand behind these indemnity agreements fully. Anyone can bring a lawsuit for just about any reason. If Cylink tries to sue an RSA customer, RSA has both the determination and the resources to defend any such action. Read the Cylink press release carefully. Cylink huffs and puffs a lot, but is not directly threatening to sue anyone -that would mean they would be forced to fight the virtually impossible battle of prevailing on every point in our Declaratory Relief action- but instead are saying that buying a license can eliminate any risk. ------------------ Q. Has anyone else challenged the Stanford patents? A. A suit was filed in Federal Court last year by Roger Schlafly to invalidate the Stanford patents. A ruling is due in December. From what we've seen, Schlafly's claims raise disturbing questions about the Stanford patents. This whole business of the Stanford patents may be moot in a few months. There may be no risk - and no need to try to get any money back from Cylink. ------------------ Q. What will be the significance of PKP being dissolved? A. The most important change we see is that licenses to the MIT patent will be available for the first time in over five years without Cylink interference. * There is a tremendous amount of pent-up demand, and we are very busy filling it. Many of the largest companies in Europe, Asia, and the US are purchasing licenses to bring RSA-based products to market, including many low-cost chips and smart cards. We have already licensed a number of large and small companies that are bringing RSA-based electronic commerce, access control, and Internet security systems to market; we expect many, many more. ------------------ Q. Why can't RSA and Cylink simply settle their differences? A. That's a good question. The fact is that RSA recognizes this litigation is not beneficial to anyone and has offered to settle the dispute by granting Cylink a license to the MIT patent. Cylink has consistently overestimated the strength of its legal position and has refused all reasonable offers. Cylink now finds itself in the unenviable position of trying to sell its security products without RSA technology - which is the de facto industry standard. No amount of "spin doctoring" in press releases by Cylink changes that fact. ------------------ * During its existence from April of 1990 until September of this year, PKP could not grant any license without the approval of both partners. As a result of PKP's dissolution, the rights to the Stanford patents were returned to Cylink, and the exclusive right to license the MIT patent (RSA) was returned to RSA Data Security, Inc. Cylink currently has no rights to sell any products incorporating the MIT patented technology. ---------------------------------------------------------------------------- (C) 1995 RSA Data Security, Inc. All rights reserved. Permission granted for unlimited reproduction and distribution unmodified.