Security insiders have had the date circled on their calendars for years. What's going to happen when RSA's encryption and decryption patents expire next month?
A milestone in the history of technology is set to occur next month when RSA Security patents, fundamental to most Internet security, expire. What happens after that will be nothing short of a watershed for the security industry.
Observers predict two major trends: the development of security tool kits engineered for performance and specific markets, such as wireless, plus the availability of many more security products.
"This represents a pretty big milestone. People are waiting for this," said Mike Serbinis, chief security officer of Critical Path, which uses security tools from Baltimore Technologies. "Three years ago, I was at a startup (since acquired by Critical Path), and we were debating then what we would do around the patents expiring. It turns out it will all be good for users."
For 16 years, RSA has zealously guarded the patents, which cover encryption and decryption as well as the initialisation of public- and private-key pairs -- all cornerstones for secure online transactions. The patents are, however, effective only in the United States.
To license the technology, vendors have had to pay RSA an upfront fee as well as a small percentage of revenues from their products. In addition, RSA has had exclusive rights in the United States to sell tool kits that incorporate RSA algorithms.
This one-two punch has hampered not only domestic security vendors but also international security companies trying to sell home-grown technologies in the United States.
"It would have been not only costly but time-consuming to engineer that," said Andrew Morbitzer, senior vice president of marketing at Baltimore Technologies, which is based in Dublin, Ireland. "And think about it: If you're a big international company, we'd be selling you one thing overseas and another thing (in the United States). This is why having the same product with the same bits available anywhere is really a watershed."
Shape of things to come
Baltimore serves as a prototype for the kinds of developments US corporations can expect as a result of the patent expiration. The PKI (public-key infrastructure) vendor plans to announce September 11 that when the patent expires September 26, it will create one consistent product line to sell globally that includes its own tool kits. Currently, only international products include Baltimore's own tools.
With a consistent product line established, the second part of Baltimore's plan is to take some products to the United States that it has so far marketed only international. One such product is a Web-based PKI management product. Standard in Baltimore PKI deployments overseas, this product enables users to log in and manage PKI credentials from any browser. In the United States, Baltimore has had to include a Win32 client that requires installation and maintenance and, officials say, dampens the user experience.
Morbitzer, who said the September 26 date has been circled on his calendar for years, expects other RSA rivals, such as Entrust Technologies, to take advantage of the event, too. Entrust officials declined to comment on the company's plans.
RSA: It's a 'nonevent'
In addition to a product launch, Baltimore will use the patent expiration date as a springboard for a massive marketing campaign to establish itself as a prime RSA competitor and premier security vendor. Baltimore will also likely consolidate its tools under a single brand name and begin marketing them aggressively in the United States as tools that increase performance of RSA's code while also targeting new markets, such as wireless, officials said.
Despite Baltimore's chest beating, RSA takes a decidedly different view to the expiration of its patents, calling it a "nonevent" and downplaying Baltimore's Melvillean take.
"Some competitors would have you believe we're bilking them and taking their firstborn," said Scott Schnell, RSA's senior vice president of marketing. "But the cost is not even worth discussion. Innovation is rewarded with patents, and some people will always be jealous of that."
Critical Path's Serbinis took a more basic view. "Building a product four different ways is an expensive endeavor; innovation will proceed a lot faster now," he said. "And there are a lot of smart mathematicians and cryptographers overseas dying to get innovations into the US."
