https://www.epo.org/en/news-events/press-centre/press-release/2016/451558

Secure smart-card encryption: Joan Daemen and Pierre-Yvan Liardet named European Inventor Award 2016 finalists

26.04.2016

in Press release

Team of Belgian and French cryptographers nominated for EPO award for their work on bolstering the security of smart cards
Safe and secure process for equipping a smart card with encryption
"Master cards" can no longer be cloned and used to gain access to an entire network of "recipient" cards
With the burgeoning electronic devices market and Internet of Things, demand for data security is at an all-time high
EPO President Battistelli: "Thanks to their invention the digital world is a safer place."

Munich, 26 April 2016 - Data security is an issue that affects us all, but many people are unaware of how important reliable encryption software can be. In 2015, an estimated 9 billion smart cards were shipped globally in the form of SIM cards, debit and credit cards and government IDs, to name a few examples. What makes them "smart" are their embedded memory chips and microprocessors that are capable of storing sensitive data. For years, those billions of cards also represented billions of potential victims of fraud. All that was necessary to compromise, say, a telecom company's vast network of SIM cards was to gain access to the "master card" used to create them. Today, however, thanks to the innovations of Joan Daemen, Pierre-Yvan Liardet and their team of Belgian and French cryptographers, smart-card networks are more secure than ever before.

For this achievement, the European Patent Office (EPO) has named Joan Daemen and Pierre-Yvan Liardet as finalists for the European Inventor Award 2016 in the category "Industry". The winners of the 11^th edition of the annual innovation prize will be announced at a ceremony in Lisbon on 9 June.

"Joan Daemen and Pierre-Yvan Liardet's invention is an important achievement in the field of cryptography, and one that stands to benefit people around the world through safer transactions and more secure personal information," said EPO President Benoît Battistelli announcing the European Inventor Award 2016 finalists. "Without this breakthrough, smart-card holders are more prone to fraudulent attack; with it, the digital world is a safer place."

A major problem that Daemen, Liardet and their team solved was one that had plagued manufacturers and issuers of smart cards. Once a company discovered that fraudsters were using a master card to clone one or more "recipient" cards, they had no choice but to shut the entire network down - cancelling all cards that contained data from the compromised master card. Needless to say, issuing large numbers of new smart cards to customers could be extremely costly for the company in question - not to mention inconvenient for its affected customers.

Stronger encryption, better data security

The novelty of the security protocol conceptualised by Daemen and Liardet is that a master card can now communicate with each recipient card once (and only once). During that time, it sends an encryption key and waits for confirmation that the key has been received and stored. After that initial exchange, during which individualised data is also recorded onto the recipient card, the two-way communication channel is closed forever. Even the master card cannot regain access to the recipient cards which it has already programmed. In addition, without the confirmation from the exact prior recipient card, the master card is blocked from issuing any further keys to subsequent recipient cards down the line.

"Ultimately it's a simple idea, but we had to go through a lot of dead ends to find it," says Daemen.

These additional security features make it virtually impossible for a master card to be cloned and used to reveal the keys of other cards at a later time. Even if it could be cloned, it would be practically useless. The economic impact of this breakthrough might be calculated into the billions of euros: For every EUR 2 635 paid with credit cards, about EUR1 is lost to fraud. That represents around EUR1.5 billion a year in Europe. While the technique will not eliminate fraud entirely, it forces counterfeiters and cyber-criminals to search for new avenues.

And the invention has important applications beyond banking. While bank cards represented some 2.6 billion of the total 9 billion smart cards issued in 2015, roughly 5.1 billion cards were shipped worldwide for use in the telecom sector. Bearing in mind that SIM cards for mobile phone and data communication are expected to rise in the near future, the important role that encryption technology plays becomes even more salient.

A booming field

As larger numbers of mobile electronic devices such as smartphones and tablets connect to the Internet - reinforced by a burgeoning Internet of Things - the demand for reliable and secure payment transactions is swelling across other industries as well. Smart cards are now being employed for computer security systems, loyalty programmes, satellite TV access, and as library cards, employee ID badges and even government identification for health insurance. These developments have led market researchers to predict that the global smart-card market will achieve annual growth of 9% over the next several years, resulting in an industry valuation of EUR 10.4 billion by 2020. The invention of Daemen, Liardet and their team has a direct impact on this industry, since better encryption algorithms facilitate wider adoption of smart cards.

Pioneers of encryption innovation

The nominated patents of this team - which also includes the Belgians Yves Moulart, Michel Dawirs, Thierry Huque, Paul Fontaine, Frank Cuypers, Gilles van Assche, and Frenchmen Pierre Guillemin, Claude Anguille, Michel Baedouillet and Yannick Teglila - have two applicants: Proton World International and STMicroelectronics, the latter of which bought the former in 2003 for around EUR 60 million (AUD 110 million).

Today, STMicroelectronics, where Daemen currently works as an IT security architect and cryptographer, is a global leader in the field of semiconductors and data security. In 2015 the company had annual revenues of EUR 6.9 billion, and it benefits directly from Daemen's innovations in cryptography, which have had an impact on areas far beyond smart cards. The Belgian engineer, with a PhD in cryptography from KU Leuven, was a co-inventor of the block cipher Rijndael, better known as the Advanced Encryption Standard, which was adopted as an industry standard for encrypting electronic data starting in 2000. That's significant for many reasons, not least its impact on the global hardware encryption market, which is expected to reach a valuation of EUR 272 billion by the year 2020.

French cryptologist Liardet has spent nearly a quarter of a century creating stronger smart- card safety along with developing other robust security codes and protocols. Since 1998 Liardet has worked at STMicroelectronics, after holding positions at both Schlumberger and Solaic Smartcard. He holds a PhD from the Montpellier Laboratory of Computer Science, Robotics, and Microelectronics (LIRMM), and is co-author of more than 50 patents.