In a move that could undermine an old rival, Cylink (CYLK)
is licensing its security technology free to Phaos Technology
for incorporation into Phaos's Java-based security toolkit.
Cylink's nonexclusive pact lets security-software start-up Phaos build
Cylink's digital signature and key exchange technology directly into its
SSLava toolkit, which developers use to build applications under the Secure
Socket Layer (SSL) protocol for secure communications over the Internet.
But the loser in the deal could be crypto firm RSA Data Security, which sells its widely
used encryption algorithm for SSL and other security applications. Although
Cylink insists it's not competing with RSA, its strategy could cut
into RSA's market.
"Cylink was never in the business of making money on the Diffie-Hellman
patent [the algorithm it licensed to Phaos]," said Mathew Kovar,
an analyst with Yankee Group.
"But it's potentially a revenue source for RSA that's no longer there."
RSA and Cylink had been locked in a years-long legal dispute over patents,
but in January Cylink's new management team settled the dispute with RSA
out of court in a cross-licensing agreement.
But the impact of Cylink's move will be short-lived because the
Diffie-Hellman patent expires next month, and a related patent,
Hellman-Merkle, expires soon after. Cylink is the commercial licensing agent for
Stanford University, where the patents were researched.
Phaos's security SSL toolkit is written in Java, making it appeal to Phaos
customers like AT&T and Cisco because it works on different
For Phaos customers, the Cylink pact means they can create SSL applications
using Diffie-Hellman simply by using SSLava. If they want to use RSA's
algorithm, they must license it separately from RSA.
"There is wider acceptance of the RSA key than of Diffie-Hellman, but
Diffie-Hellman is still a valid security key," said analyst Kovar.
Because the patent is expiring, Cylink is promoting Diffie-Hellman as an
open standard through the American National
Standards Institute, or ANSI.
Cylink's director of marketing, Andrew Morbitzer, noted that RSA could be
threatened over the long term by elliptic curve cryptography, another
encryption algorithm. "Diffie-Hellman public key management lends itself
to elliptic curve cryptography," he noted. CertiCom is the chief marketer of
elliptic curve cryptography.