In the second David vs. Goliath legal tussle of his career, Leon Stambler thinks he has again come up with a key technology

5 March 2003—In the 1980s, a little-known electrical engineer invented the way personal identification numbers are used with bank automated teller machines. Because of some legal technicalities, he was barred from enforcing his patent. Still, it’s remarkable that after an undistinguished career in which he seemingly bounced from one low-level job to another, this lone inventor, Leon Stambler, had come up with a critical underpinning to millions and millions of financial transactions.

Whether creative lightning struck twice is the question that faces a Delaware jury this month. Did Stambler once again invent a cornerstone financial security technology—this time one used in just about every secure transaction on the Internet? Specifically, does a slew of patents Stambler filed in the early 1990s perfectly match the methods of secure-sockets layer (SSL), which was developed several years after the patents were filed but still well before they were published to the world?

About one thing, there’s little doubt—if SSL infringes on the Stambler patents, so does anything that directly relies on SSL, such as a variety of e-commerce applications and developer tools sold by RSA Security Inc. (Bedford, Mass.) and codefendant VeriSign Inc. (Mountain View, Calif.). But, if the jury finds the defendants to have infringed, there’s still another question, which will be settled by another jury trial immediately after this first one: were the patents valid in the first place?

At stake

Stambler and his lawyers contend that SSL directly infringes four of the 130-odd claims his patents make, stating how the invention will be used. (For one additional claim, they argue infringement under the doctrine of equivalents—the idea that a technology that does just what the Stambler patents describe is just as infringing as if the defendants had used Stambler’s actual methods.)

Patent experts interviewed by IEEE Spectrum see Stambler’s case as a long shot, but the prize could hardly be more valuable. SSL is almost universally used in electronic commerce—transactions worth tens of billions of dollars in 2002 and growing steadily, despite the dot-com collapse. Indeed, it comes up whenever information is transmitted securely: checking one’s retirement account on-line, filing one’s taxes electronically, disclosing a government identification number to an insurance provider.

That makes this a big case for almost every Internet company, and for RSA in particular, who might have to pay an initial US $8 million if it loses, as well as large future royalties that would be based on a license negotiated "with a gun to its head," in the words of one lawyer familiar with the case.

VeriSign, one of the largest infrastructure companies on the Internet, also uses SSL in a number of products that handle the nitty-gritty work of on-line commerce: digital credentials, authentication, and payment. VeriSign would, if it loses, have the same weapon pointed at the same part of its anatomy as RSA. In a pragmatic, but unusual decision, the judge, Sue Robinson, who is also chief judge of the U.S. District Court in Wilmington, chose to combine the trials of the two defendants, but to separate the two issues of infringement and validity. If the defendants lose on the question of infringement, they could still win later in the month by convincing a second jury that the Stambler patents are invalid.

Nine good citizens

In the 1980s case, Stambler’s patents were not invalidated, but they were deemed unenforceable. There, he lost as a matter of law, in a ruling by a judge in the eastern district of New York. The current trial, which began on 24 February, is before a jury, and that can make all the difference. For example, what did the nine good citizens of Wilmington think of the testimony and credibility of David Finkel, the computer science professor at Worcester Polytechnic Institute (Massachusetts), who was the plaintiff’s principal witness on the question of infringement?

On the second day of the trial, over the course of four hours of direct testimony, Maryellen Noreika, one of the three plaintiff lawyers in the courtroom from the hometown firm Morris, Nichols, Arsht, and Tunnell (Wilmington), led Finkel through a comparison of the technologies in question. In a clear, but soft voice, she prompted her jolly, bearded expert as he gave a high-decibelled generic description of secure on-line transactions, how the Stambler methods matched that generic description, and finally how SSL version 3, as designated in its specifications, matched the description, too.

In two subsequent hours of cross-examination, William Lee, the wiry, energetic managing partner at the firm defending RSA, the 484-lawyer Boston firm of Hale and Dorr LLP, tore into Finkel. Lee seemed most effective making two key points—points he was unable to drive home in his examination of Stambler, who had testified earlier.

Stambler’s methods were originally inspired by problems like cashing a bank check using a single piece of identification. Lee argued, through his questioning of Finkel, that Stambler’s methods involve ongoing client-server relationships where the two parties know one another in advance. That makes them a poor fit with SSL, which is often used in a one-time transaction like buying a book from Amazon.com.

Lee was also able to argue that some of the numbers that get turned into the cryptographic keys that make SSL a secure protocol must be randomly generated, while the analogous numbers in Stambler’s methods do not.

The defense needed a stellar cross-examination of Finkel to make up for a lackluster performance the day before, against Stambler. Perhaps most disappointing for the defendants, Lee was unable to get any of the questionable circumstances surrounding the 1980s ATM patent case into this trial, despite a seemingly favorable ruling by the judge a month earlier. He did, however, present the now retired-in-Florida engineer as out of touch with an Internet revolution fueled, in large part, by companies like RSA and VeriSign, and by technologies like SSL.

Stambler’s attorneys may in fact try to get away from the details of the technology, and continue to focus on their client—painting him as an elderly, somewhat eccentric, gentleman in the twilight of his engineering career, trying to keep from being robbed of his rightful credit for his final inventions. "Juries often don’t make rational or logical decisions, they fall for personalities," says Robert J. Schneider, of Chapman and Cutler (Chicago), an attorney who has followed the case.

But that’s just the first trial

Even if Stambler were to win on the infringement issue, there’s the question of whether the patents are valid.

Barry I. Friedman, an attorney with the law firm of Metz Lewis LLC (Pittsburgh), has looked at the Stambler patents on behalf of several firms not involved in the current case. He’s skeptical that Stambler will succeed. He notes that while the claims section of a patent can change, the disclosure—the actual description of the invention—does not.

"The claims added in the later years morph away from the original disclosure, and at the end of the day they bear little resemblance," says Friedman. "I don’t think the disclosure supports the new claims. If it were my case, I’d try to paint it as a tree that’s outgrown its root structure."

We’ll know what a jury decides about the validity issue in late March. The infringement case should end about 7 March. Then the validity trial, which will be held regardless of the result of the first case, will take another two weeks.

If, improbably, RSA or VeriSign loses on both validity and infringement, it has the right to appeal. However, Stambler would have won the right to an injunction against any and all infringing products—and perhaps against any other company’s use of them. That would lead to a quick and expensive negotiation for a license. Leon Stambler would finally get the recognition he is certain he is due—recognition, and millions and millions of dollars.