Ending a long, bitter dispute, encryption technology firm RSA Data Security and Network Associates, a networking and security software firm, said today that they have settled patent infringement and copyright violation lawsuits filed by RSA.
Network Associates inherited the lawsuit in late 1997 when it acquired Pretty Good Privacy, a pioneering encryption software company that had a long-running lawsuit with RSA, itself a division of Security Dynamics.
"Peace has broken out, and we've found a way to solve the old stuff," said Peter Watkins, general manager of Network Associates' security division. PGP's ownership change clearly was a factor in the settlement, since RSA and PGP had been locked in an intense dispute.
"We have a relationship structure that is good for both parties--that's the way you deal with some of the history," said RSA chief operating officer Al Sisto, who joined RSA only last year and thus wasn't involved with the PGP dispute in its most bitter days.
"It's good for the market place, and we have created a relationship here that is starting on the right foot and should continue that way," Sisto added.
The settlement includes a new license agreement for Network Associates to use RSA's encryption tools and to pay RSA an undisclosed sum for royalties on PGP products and for attorneys' fees. The settlement resolves three federal lawsuits among the companies and drops a court-ordered arbitration hearing this fall.
Network Associates will offer both Diffie-Hellman encryption ciphers, which are now free and in the public domain, and RSA algorithms in its products, charging a small premium for the RSA option.
Watkins also said that Network Associates will add support for X.509 digital certificates to the PGP Certificate Server, improving the ability of PGP certificates to interoperate with digital IDs from companies like VeriSign, Entrust Technology, and GTE CyberTrust, as well as Microsoft and Netscape. Some steps will be made this quarter, he said, while others will take until year's end.
However, because of optional elements in the X.509 standard, even certificate authorities that support that protocol cannot always be certain the certificates will interoperate with another vendor's. Nonetheless, support for RSA encryption is critical for firewalls and other software if they allow management by Web browsers, virtually all of which support RSA.
"We're trying to get away from standards battles; we want customers choosing between which one they want," Watkins said.
In addition to resolving past disputes, the settlement creates a framework for handling future issues in technology that Network Associates, which is growing quickly through acquisitions, may acquire or develop internally.
Network Associates also has licensed RSA's BSafe and Bcert encryption toolkits for use in PGP Client, PGP Certificate Server, and three former TIS products--RecoverKey, Gauntlet Firewall, and Gauntlet VPN. Those five products are components of Network Associates' security suite.
In May, RSA filed a suit to bar Network Associates from shipping any Trusted Information Systems security software that uses RSA encryption technology. That apparent negotiating ploy preceded a settlement conference last Thursday. TIS is a firewall and virtual private networking firm Network Associates acquired this year.