Cyberlaw says RSA patent is shaky -Reply (fwd)

Rohit Khare (khare@w3.org)
Thu, 17 Jul 1997 15:58:49 -0400 (EDT)


Date: Thu, 17 Jul 1997 15:01:01 -0400
From: "Dan L. Burk" <BURKDANL@SHU.EDU>
Subject: Cyberlaw says RSA patent is shaky -Reply
To: CYBERIA-L@LISTSERV.AOL.COM

>>> Vin McLellan <vin@SHORE.NET> 7/17/97, 11:37am >>>

>The full article can be found at http://www.cyberlaw.com/rsa.html
>
> -------------------
> I'd love to see some further analysis of this article.
>
> I've worked for extraordinarily litigious and patent-savvy
>firms (IBM among them) who looked closely at the RSA patent and
>decided to honor it rather than fight it. They sure as hell weren't
>dumb, scared, or naive.
>
> What did they see that Flinn and Jordan overlook?

A couple of (very) preliminary thoughts:

First, the article is rather nicely written, and contains an
explanation of the patent that should be fairly accessible to
laypersons. It also contains some interesting food for thought, and
ought to be read for both reasons.

The authors offer a series of reasons as to why they think the RSA
patent is narrower than commonly believed, and possibly invalid. I
will mention the invalidity arguments briefly: they regard statutory
subject matter, best mode, and obviousness.

The only argument of these three that needs to be taken seriously is
obviousness -- the best mode argument is especially weak (as anyone
who has followed best mode jurisprudence will know). It is simply
not a winning argument. Neither is the statutory subject matter
argument, given that the PTO (not to mention the Federal Circuit)
barely even pays lip service to the tangible embodiment criteria of
Diamond v. Diehr anymore.

That leaves obviousness, which I am very frankly not qualified to
assess without a lot more research than I am inclined to do just now.
I will say that proving obviousness to a court is likely to be
extremely expensive, and the majority of district court judges are
going to hate you a lot after you've said "modulo" a few times.

The bulk of the article consists of a claims interpretation analysis
which in a nutshell goes like this: the RSA claims are drafted in
such a way that key generation is an element of the relevant claims.
So, they opine, if in the course of encryption and decryption you
avoid doing any unauthorized key generating, you haven't infringed
the claims.

That is an interesting argument, but one that I suspect could also be
extremely costly to rely upon, even if you won with it -- because it
will involve comparing the allegedly infringing activity with the
process defined by the claims, the outcome will be very dependent on
exactly what you were doing and whether the court decided to read the
claims the way the article's authors do.

I also have some other misgivings about the analysis, but would need
to sit down with all the claims and a copy of Chisum before opining
further. I suspect that there may be problems with the idea of
avoiding infringment by simply segregating the steps of the claimed
process.

I note in passing that the authors purport to have represented
clients against RSA, but I am unaware of any upsets in cases against
RSA. This doesn't mean that the authors' theory is wrong, of course,
but I have to wonder "If you're so smart, why ain't you rich?"

------------------------
Dan L. Burk
Seton Hall University
burkdanl@shu.edu
------------------------