IoT Security Blog

Articles and Posts on IoT Security, Embedded Systems, and the Internet of Things

Licensing Cryptography In The Smart Card Industry

Contributed at Joanne C. Kelleher

Chris Corum, executive editor at SecureID News wrote an interesting article about enforcing license agreements for crypto in the Smart Card industry (Monday, May 4, 2009). Smart card vulnerability, license fees and patent law, discusses how Cryptography Research won a legal settlement against Visa and is now collecting licensing fees.

In 1998 a cryptographer named Paul Kocher, founder of Cryptography Research, figured out that information, such as security keys, could be obtained from certain integrated circuits (ICs) by measuring the chip’s power consumption during processing. At the most basic level, a transistor in a chip uses a different amount of power to process a one than a zero. Using this fundamental idea, Kocher found that it was possible to crack the security of certain chips such as those used in smart cards.

Cryptography Research advised the chip manufacturers on countermeasures that protect smart card chips from this specific hack attack called Differential Power Analysis (DPA). This was done under a NDA with an agreement that licensing fees would be collected when the patent was issued.

Once the patents were issued in 2004 you can guess what happened and why a lawsuit was filed. Read the rest of the details at