Source: 05.18.2009 - American Banker ArticleMasterCard in Licensing Pact | Cardline Global | Monday, May 18, 2009
MasterCard Inc. has agreed to require suppliers of contactless and smart cards that use the EMV Integrated Circuit Card Specification to license antifraud technology from Cryptography Research Inc. of San Francisco. The agreement, which Cryptography Research announced last week, followed an out-of-court settlement it reached last fall with Visa Inc. in a suit that claimed the vendor's patented technology had been used in hundreds of millions of cards issued under the Visa brand dating back to 2001.
Visa paid an undisclosed sum and agreed to license Cryptography Research's technology, which is designed to protect cards against a hacking technique called differential power analysis. (Whitepapers)
Cryptography Research had accused MasterCard of anticompetitive behavior but did not sue the Purchase, N.Y., company.
"I can't really talk about how much money MasterCard is paying us," Kit Rodgers, Cryptography Research's vice president for business development and licensing, said in an interview. "I can say products approved prior to the April 16 agreement will remain approved for use with MasterCard."
Differential power analysis lets hackers extract encryption keys from smart cards. Cryptography Research's chief executive, Paul Kocher, and two colleagues say they invented the attack in 1998 and developed countermeasures.
Many smart card and chip vendors say they developed their own countermeasures, but Rodgers said the settlement with Visa and the agreement with MasterCard will require all of them to pay Cryptography Research licensing fees if they want to do business in the bank card market.
Here's more on DPA (and licensing fees) from Cryptography Research
DPA COUNTERMEASURES
a differential power analysis overview
Differential Power Analysis (DPA) is a class of attacks discovered by
researchers at Cryptography Research. DPA is a powerful tool that allows
cryptanalysts to extract secret keys and compromise the security of smart
cards and other cryptographic devices by analyzing their power consumption.
Simple Power Analysis (SPA) is a simpler form of the attack that does
not require statistical analysis.
Cryptography Research and DPA
Unlike physical attacks, SPA and DPA attacks are non-invasive,
easily-automated, and can be mounted without knowing the design of the
target device. Cryptography Research has developed solutions for
securing devices against these attacks.
Cryptography Research is committed to helping companies understand and address issues related to cryptography and security.
The following links provide more information about our technologies and services.
Patent Licensing
The Cryptography Research patent portfolio includes numerous fundamental patents relating to DPA and
countermeasures. A license to these patents is required to make, use, or sell DPA-resistant devices.
To encourage education and research, free licenses are available for qualifying non-commercial use.
