Security systems expert Cryptography Research introduces new testing program to evaluate smart card security

San Francisco, Calif., — November 9, 2005 — Cryptography Research, Inc. (CRI), a worldwide leader in security systems, today announced the launch of the ‘DPA Countermeasure Validation Program’, a new testing suite to evaluate smart card protection against Differential Power Analysis (DPA) attacks. A DPA attack can reveal keys and other sensitive information stored on a chip, thereby exposing payment card or ID card operators and users to the risk of fraud.

The DPA Countermeasure Validation Program is an integral part of CRI’s DPA Countermeasure Licensing Program that protects the security of tamper-resistant smart cards and other devices. Licensed users of CRI's DPA countermeasure technology will be permitted to display the DPA lock logo on devices which pass the rigorous tests, thus indicating to customers that the chip or card enjoys the highest levels of protection.

“CRI’s new DPA testing program will be of enormous value to customers who really care about security in financial services, pay television, mass transit, secure ID, wireless and other sectors,” said Kit Rodgers, Vice President of Licensing. “The industry has already adopted a number of DPA countermeasures based on CRI technology, and customers need to know that these solutions work and that their devices have been properly secured. We are providing that assurance through our DPA testing program.”

Historically, as new technologies and applications have come to market, industry has responded with more stringent security requirements. The DPA testing program fills a gap in current card industry testing standards and has been designed to be compatible with the methodologies of Common Criteria, FIPS 140, and payment association evaluation schemes.

Testing will be conducted by a select number of approved independent laboratories and can be run in conjunction with other evaluations. “Independent testing will provide device manufacturers with the assurance that sensitive information is only disclosed to the labs”, says Ken Warren, Smart Card Business Manager. “CRI’s role will be to ensure that tests are conducted with a high degree of quality and consistency, and we expect that only the most capable labs will be approved to conduct the tests.” Testing labs will be able to offer a security rating depending on the level of protection against DPA attacks achieved by the product being evaluated.

Differential Power Analysis (DPA)

DPA is an attack that involves eavesdropping on the fluctuating electrical power consumption of a target device and using advanced statistical methods to derive cryptographic keys and other secret information. DPA attacks are repeatable and inexpensive, so effective countermeasures to DPA are essential to protect keys contained in tamper-resistant devices such as smart cards.