RSA Encryption Algorithm Paroled

RSA Security Inc. Wednesday strayed
from conformity by offering its watershed encryption algorithm to the public
two weeks before the 17-year-old safe-guarding patent was due to expire.

The RSA public key encryption algorithm — that’s “c = me mod n” to the mathematically inclined — is considered the standard for encryption and the core technology that secures the vast majority of the e-business on the Net.

The U.S. patent for said algorithm, No. 4,405,829 “Cryptographic
Communications System And Method,” was issued to the Massachusetts Institute
of Technology on Sept. 20, 1983, licensed exclusively to RSA Security and
was set to expire Sept. 20.

In a move akin to today’s open source offerings of Linux by Red Hat Inc. and others of its ilk, this of an encryption algorithm
will allow rivals to incorporate the algorithm into its own products.

Art Coviello, chief executive officer of RSA Security, told
Wednesday that the release is less altruistic than it really seems: it’s
part of the firm’s strategy for expansion.

“Releasing the RSA algorithm into the public domain now is a symbolic next
step in the evolution of this market, as we believe it will cement the
position of RSA encryption as the standard in all categories of wired and
wireless applications and devices,” Coviello said.

Coviello said lifting the veil on the algorithm couldn’t have been more
timely because the latest version of its RSA BSAFE® Crypto-C security
software, which utilizes innovative MultiPrime™ was released Wednesday,
making encryption performance faster by 500 percent — something rivals
cannot stay on par with just yet.

“We really want this to be the de facto standard of technology,”
Coviello said.

The firm has made a number of enhancements to the algorithm to accommodate a
wide range of software applications, operating systems and chip designs.
Since the start of 2000 alone, about 200 firms have turned to RSA for its
encryption technology.

Andrew Morbitzer, vice president of marketing for rival security firm Baltimore Technologies, couldn’t agree more that RSA was thinking of itself with the move.

In fact, Morbitzer said the top dog of security intended the move to serve as a stalemate to Baltimore’s upcoming release of encryption toolkits — for free.

Morbitzer called RSA’s move a calculated, “pathetic and cynical” ploy to squeeze the last bit of what he deemed a monopolization by the innovative security firm.

“When you look at their business practices — they’re unscrupulous,” Morbitzer said. “When a company wants to license RSA’s encryption library, they have to sit down with them and go over deals file by file. What they charge as a flat fee depends on the size of the company. But they also demand a certain amount of revenue based on what that company charges. You basically give your business to them.”

Morbitzer noted that the algorithm was only patented in the U.S. and that Baltimore has been able to successfully capitalize on the encryption toolkits overseas where the patent does not apply.

“We observe open standards at Baltimore,” he continued. “We are diametrically opposed to what they do. We are offering a single solution — RSA offered two versions of the same application that had to be used together.”

Morbitzer said RSA rules are so stringent for some of Baltimore’s clients, that they sometimes not to choose to use RSA’s encryption libraries.

Scott Schmell, vice president of marketing for RSA, told Thursday that neither he nor anyone else at RSA planned any such public relations scoop as far as he knew: the announcement of the patent parole days before Baltimore’s announcement of new, free toolkit

s was entirely coincidental.

Schmell defended RSA’s business practices and said that it was almost as if Morbitzer “felt resentful because Baltimore could not profit from our innovation.”

“I can’t speak for the way he [Morbitzer] feels,” Schmell said. “Hundreds and hundreds of companies have built successful business built from our security technology. Like any company, Microsoft or Netscape, or whoever, other companies pay fees to license our technology. When we negotiate a business we have to come to an agreement.”

Schmell also said he believed RSA’s pricing policies were fair and competitive.

News Around the Web