A new license fee for every smart card?

R.A. Hettinga rah at shipwright.com
Mon Jan 10 09:31:51 PST 2005


: CR80 News

A new license fee for every smart card?
Monday, January 10 2005
Cyptography Research asks chip or card manufacturers to pay for use of its
patented security measures

In the late 1990s, a scare tore through the smart card community when the
media began running articles attacking the security of the cards and
calling into question the vulnerability of chip card-enabled systems. The
threat had a very serious sounding name, differential power analysis (DPA),
and the concern spread quickly.

 The Australian Financial Review broke the story on June 6, 1998 leading
with the ominous statement, "A ruinous security problem has jeopardized the
viability of millions of smartcards in GSM mobile phones as well as the
recently introduced Telstra Phonecard." A series of doom and gloom articles
followed in technology publications and major newspapers and periodicals.

According to the accounts, a group of young cryptographers in San Francisco
had discovered a way to extract the encryption keys protecting data in a
chip, thus opening its contents for unintended use. The ramifications for
the burgeoning GSM market and highly touted stored value programs such as
Mondex, Proton, and VisaCash seemed significant.

The smart card industry attempted to brush off the significance of the
threat pointing to the fact that the attack was confined to laboratory
environments and that no actual issued cards had been compromised. But the
damage was done 
 it was another public relations hit to an industry trying
to define itself in the eyes of the average consumer.

Thankfully, the average consumer is fickle. Within months, DPA was
forgotten about by all but the most security-focused in the chip and
related industries. The media was on to the next story and the crisis
disappeared as quickly as it had materialized.

Fast forward to November 2004

San Francisco-based Cryptography Research, which specializes in developing
and licensing technology to solve complex data security problems,
officially announced that it had established a licensing program for its
patented DPA countermeasures 
 and, according to Kit Rodgers, VP of
Licensing for Cryptography Research, virtually every chip card issued in
the market uses the patented countermeasures. But wait a minute. To the
casual observer of the smart card industry, it seemed that DPA's "15
minutes of fame" had passed before the millennium. What happened?

It turns out that DPA really was a credible threat to chip security, and it
turns out that Paul Kocher, one of the young cryptographers that discovered
DPA, is the founder of Cryptography Research. At first blush, this might
seem odd - the same guy that discovered the threat is selling
countermeasures to defend against it.

 In reality, this is not uncommon in data security circles. It stands to
reason that the people discovering the weakness are often in the best
position to fix it. If the threat is deemed real following scrutiny by the
industry, the protection against the threat is necessary and has inherent
value to the industry. That is exactly what happened in this case, says to
Mr. Rodgers.
So what happened during the 6-plus years that passed between the Australian
Financial Review article and the announcement of the licensing program?

It turns out that Mr. Kocher and Cryptography Research had shown the
vulnerabilities they discovered to Mondex, Visa, and others prior to the
1998 media storm. These card issuers then brought the silicon and card
suppliers to see the DPA demonstration. According to Mr. Rodgers, "Under
NDA we showed them how to mask and minimize the vulnerabilities. We told
them we would be coming back for licensing once the patents were issued."

In April 2004, the company announced that it had been granted a series of
patents broadly covering countermeasures to DPA attacks. These include:
	* 	U.S. Patent #6,654,884: Hardware-level mitigation and DPA
countermeasures for cryptographic devices;
	* 	U.S. Patent #6,539,092: Leak-resistant cryptographic indexed key
	* 	U.S. Patent #6,510,518: Balanced cryptographic computational
method and apparatus for leak minimization in smartcards and other
	* 	U.S. Patent #6,381,699: Leak-resistant cryptographic method and
	* 	U.S. Patent #6,327,661: Using unpredictable information to
minimize leakage from smartcards and other cryptosystems;
	* 	U.S. Patent #6,304,658: Leak-resistant cryptographic method and
	* 	U.S. Patent #6,298,442: Secure modular exponentiation with leak
minimization for smartcards and other cryptosystems; and
	* 	U.S. Patent #6,278,783: DES and other cryptographic, processes
with leak minimization for smartcards and other cryptosystems.

So, it seemed, the time had come for Cryptography Research to go back to
the manufacturers with a licensing program. "We began talking to the chip
and card suppliers in the spring (2004)," said Mr. Rodgers. "They all knew
us so we were not coming from out of the blue."

Their message is clear. "You need a secure smart card and for a smart card
to be secure it needs to be secure against DPA attacks," says Mr. Rodgers.
"We want to be viewed as helping the industry against a major

What does the licensing program really mean?

Cryptography Research expects companies utilizing the patented
countermeasures in their products to pay for its use. But with card
products, this could include several companies in the supply chain. The
chip manufacturer can employ the countermeasures, the card manufacturer as
well, and the card issuer certainly benefits as the end supplier of the
finished product. So who pays?

According to Mr. Rodgers, "we want (the licensing) to be cost appropriate
so only one party in the chain will pay. We don't care which phase (pays
the license) so it could be silicon or card manufacturers."

In reality, a large smart card manufacturer would likely want the
flexibility to choose from a variety of silicon manufacturers-both large
and small. Such a manufacturer says Mr. Rodgers, "may want to lock in the
price at a great rate. If they get it from a licensed silicon manufacturer,
they wouldn't pay again." In short, both chip and card suppliers may be
licensed but if a card manufacturer bought chips that had already been
licensed, they would not pay a second fee for the cards created with those

While it might seem difficult to manage such a process, the pool of
potential licensees is not large. According to Mr. Rodgers, "six
manufacturers account for about 96% of the chips and five smart card
manufacturers supply most of the cards."

 The question of price

How much will the license fees cost? The company is being purposefully
vague as they are currently in the discussion phases with industry. Hinting
at the cost, Mr. Rodgers says, "we are trying to price this in a way that
gives us the appropriate amount of money for the value the technology
provides. We think smart cards are an excellent solution for certain
security applications and want to succeed along with the market."

He mentions that early adopters will receive favorable pricing to give them
a competitive advantage. As well, he suggested that they have discussed
amnesty for past cards issued without license fees, suggesting the
potential that they might seek reparations for products issued in the past.

Mr. Rodgers mentions that the company has "allocated $20 million to launch
and sustain the licensing program." As with any such program, some portion
of those dollars is certain to be earmarked for legal pursuits, either
reactive or proactive.

 In summary, he says, "pricing terms will be appropriate for their (chip
and card manufacturers) business. We don't want this to have a negative
impact on the industry as that will ultimately hurt our business over the
long term."

 About Cryptography Research:

According to Kit Rodgers, Cryptography Research develops and licenses
technology solutions, provides services, and conducts applied research to
solve some of the world's most complex data security problems. Founded in
1995, they help evaluate and design secure products in the financial
security sector and other industries, and are currently focused on helping
movie studios secure the forthcoming HD DVD and Blu-ray formats. The
company licenses technology in three main areas: DPA countermeasures,
CryptoFirewall for set-top pay TV, and content protection mechanisms for
next-generation HD discs. To learn more visit them on the web at

Additional Resources:

To read an article on the DPA threat that appeared on CNET on June 10,
1998, click here.

To access a primer on Differential Power Analysis produced by Cryptography
Research, click here.

R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

More information about the cypherpunks-legacy mailing list