Wednesday, September 14, 2022

ICMC and Dr. Bertrand du Castel

by Dr. Yi Mao
 
Sal La Pietra, the President and co-founder of atsec information security (atsec), opened the tenth annual International Cryptographic Module Conference this morning at Westin Arlington Gateway in the Washington D.C. area. The theme of his opening speech was that everyone is a winner through collaborative work. All ICMC participants received a bronze medal. Ten trophies, each of which has an embedded gold medal, were awarded to the NIST CMVP/CAVP and CCCS CMVP and eight individuals for their significant contributions to the cryptographic module validation community in the past ten years. Twenty-five silver medalists will be announced at the ICMC closing meeting on September 16.

At this joyful moment, I deeply miss one person:  Dr. Bertrand du Castel. I wish we could invite him back as our distinguished guest, to witness this conference's growth and celebrate its success, but sadly he is no longer with us. I know that he would be proud to see the profound impact of his keynote speech at the conference's inauguration in 2013 (https://www.youtube.com/watch?v=Of6yHI8sygI) on the development of this community. The address carried his hallmark breadth of knowledge, connecting technology to fine art and humanity, sprinkles of metaphors, and a pinch of dry humor. It feels just like yesterday we were listening to him talk about two "elephants" and a bunch of "flamingos," where only one flamingo calls out "Key Distribution," and the rest of the group repeatedly calls for "Trust." Where do we place the trust in the cryptographic module: on embedded devices, in the cloud, or both? Seeking answers to the question he raised and the endeavor of driving "elephants" out of the room has become the force pushing cryptography to be part of the solution.  

Bertrand was a Schlumberger Fellow and widely recognized as a "keeper of the scientific soul" of that organization. In 2005, he won the Visionary Award from Card Technology Magazine for pioneering the Java Card (https://www.slideshare.net/BertrandduCastel/2005-visionary-of-the-year-award-49010879). He accomplished his mission to break smart cards away from the limitations of proprietary platforms through embracing open standards. It was a pivotal step that caused the smart card industry to flourish, ensuring that these cards were used in every corner of the internet. Bertrand headed the team that created Java Card, helped build the Java Card Forum to manage the software platform, led work on one of the industry's first internet smart cards, and co-founded the WLAN Smart Card Consortium to promote the use of smart cards on Wi-Fi networks.

Java Card is a software technology that allows Java-based applications (applets) to be run securely on smart cards and, more generally, on "secure elements" (SE) with small memory footprint cryptographic tokens. Java Card addresses hardware fragmentation while retaining code portability brought forward by Java.


As an open standard backed by leading smart card manufacturers, including Thales, Java Card offers the best security of its kind via data encapsulation, Applet firewall, and Cryptography. A brief review of the history highlights the connection between today's Java Cards manufactured by Thales and the first Java Card invented in 1996 by Bertrand's team in the Schlumberger Smart Card division, which was carried through Axalto and Gemalto eras into Thales. According to Oracle, nearly six billion Java Card-enabled devices are rolled out each year.

In 2013, when atsec had the initiative to launch an International Cryptographic Module Conference, Bertrand was at the top of our list for a keynote speech. As a highly respected leading figure in the smart card industry who had accrued significant recognition and honors for his work, we wanted him to share his vision of cryptographic module validation and shed some light on the path forward. He agreed to help us with the first ICMC with a blunt and honest statement, "I can only give an outsider's view because I do not know cryptographic module validation." Adding to it, he said, "I'll say what I want to say, say it, and say what I said. My presentation will be confusing. Do you still want me to do it?" "Yes, Bertrand!"

Having worked with Bertrand for almost six years at the Schlumberger/Axalto/Gemalto time, I benefited tremendously under the tutelage of a master. He had a great zest for a broad spectrum of knowledge ranging from neural science, computer science, logic, artificial intelligence, software engineering, linguistics, fine art, and history of humanity and civilization (see Bertrand's publications here: https://www.researchgate.net/profile/Bertrand-Du-Castel). He is well known for throwing out unconventional questions, sparking heated discussions, and building consensus toward a promising solution. After decades of pioneering research in various topics, with ups and downs in the industrial job position (nowadays, some companies may prefer today's profit to a scientific soul keeper advocating tomorrow's view from the top), his curiosity and passion still burned bright.

Good questions often lead to great discovery. Sorting out the "confusion" Bertrand left us in his speech could be a scenic path to fruitful results. To set off the ICMC with an open and inclusive start, we welcomed an "outsider's" view, which could be insightful. A Chinese quatrain by the famous poet Su Shi in the Song dynasty fittingly and metaphorically captures the situation where the insiders may get lost in sight. Its English translation (based on the translations provided by Burton Watson (link) and Hongfa Huang (link)) is roughly the following:

From the side, a whole range; from the end, a single peak:
Far, near, high, low, no two parts alike.
It's so hard to tell the true face of Mount Lushan,
Because this very mountain has had me right inside.

I was a complete outsider to the smart card industry, and information security in general, when I first met Bertrand in the Fall of 2000. I was a Ph.D. candidate in the Department of Philosophy studying at UT-Austin with an expected Master of Science degree in Computer Science by the end of the year. A friend of mine, who was helping Bertrand interview job candidates, thought a candidate would be extremely lucky if s/he would work for such a brilliant boss who encouraged creativity, innovation and risk-taking, and actively applying Darwin's evolutionary theory to computing history in a collegial, academic environment. I begged her to introduce me to Bertrand. My wish was soon granted.

On a sunny autumn afternoon, I visited the award-winning Schlumberger Austin campus (https://jacksonmcelhaney.com/projects/schlumberger-asc) on 620 Ranch Road (the current site of the Concordia University campus). The campus had six buildings, named with the letters A–F, connected by covered walkways and encircled by a trail winding through a massive nature preserve encompassing natural springs, wetlands, caves, dense trees, and lots of wildlife. The ivy leaves and wildflowers were like curtains and carpets decorating walkways. Bamboo and other indoor plants grew inside buildings awash in natural light from large windows and copious skylights, threaded with staircases. A wooden bridge swung above a rushing stream, where you could hear birds chirping or watch passing satellites at night. Hiding in the middle of a forest, who would have guessed cutting-edge smart card technology led by an innovative mind would emerge from such a place? I met Bertrand in his office in Building F. His office had two sides of huge, ceiling-to-floor glass windows. He said deer would come to his windows. Perhaps that was why he always had Darwin's evolutionary theory in his mind, as nature was fully displayed to him.

I was somewhat nervous when I first talked to Bertrand, partly because I couldn't decipher his jokes and partly because I was not used to his French accent (in fact, any French accent). He quickly scanned through my résumé and focused on one of my published papers about Saussure's semiology and his interpretation of the meaning of words. I explained that in Saussure's notion, the word 'tree' does not refer to a tree as a physical object but to the psychological concept of a tree. The linguistic sign thus arises from the psychological association between the signifier (a 'sound-image') and the signified (a 'concept'). There can, therefore, be no linguistic expression without meaning but also no meaning without linguistic expression. I continued by claiming that Saussure's concept of structural linguistics shed light on how language shapes our concepts of the world and that it influenced but was later replaced by Chomsky's Universal Grammar. Bertrand disagreed. He argued that he was in one of Chomsky's seminars when Chomsky toured Europe in the 70s. Chomsky criticized structuralism and made it clear that his modern approach to linguistics was not rooted in it. I replied that Chomsky's criticism of structuralism was directed at the Bloomfieldian school, known as "American structuralism," which should not be confused with Saussure's structuralism. Bertrand opened up the internet, and after a few clicks, the references we read together supported my argument.

Our meeting ended with Bertrand asking me, "Do you want to work here with me?” I replied, “Of course, but you haven't asked me questions about programming and computer science." My voice was filled with surprise and excitement. Bertrand looked at me and said, "You have convinced me, but you need to convince people here that you know what you know and you can make others know what you know but they previously did not know."

A couple of weeks later, I gave a presentation to people from the smart card group and the oilfield services group. My topic was non-monotonic reasoning in our daily argument using natural language instead of monotonic reasoning in mathematical proofs. Bertrand was very selective in hiring, and such a presentation was a must. I learned later that he was a graduate of Ecole Polytechnique with a Ph.D. from the University of Paris. These are the most prestigious universities in France, and people who graduate from those institutes are considered the "crème de la crème." Through his unique hiring process, he gathered a team of intellectuals with diversified backgrounds and knowledge who shared the passion for achieving the best.

Years later, I am on the other side of the interview table. Learning from Bertrand, it also became atsec's hiring requirement for a job presentation. The focus is not on the presentation content per se but the presentation style. It serves as a vehicle to measure the candidate's ability to think independently, articulate the problem, communicate the solution, and respond to questions, comments, or even criticisms from the audience.

Working under Bertrand's leadership was a dream job. I was fortunate to start my professional career with such a fantastic mentor. He was best at protecting the engineers from upper management, helping them do their job, giving them room to innovate, and providing them funds for expensive books and trips to conferences. His management style was leading by doing. It would be one's lucky day if he popped into your office and started a mind-blowing conversation with you. On one of my lucky days, he wrote the following group of sentences on my blackboard intermingled with my seven-layer Open Systems Interconnection (OSI) model and cryptography used in TLS/SSL layer already on the board:

•    The rocket reached the top of its trajectory.
•    The trajectory of the rocket reached its top.

•    The sun is bright.
•    Mary is bright.

•    Arrows fly.
•    Birds fly.


He asked why both sentences in each pair were correct but their meanings differed, and that was the beginning of our joint paper on Generics and Metaphors Unified under a Four-Layer Semantic Theory of Concepts (https://www.researchgate.net/publication/234076899_Generics_and_Metaphors_Unified_under_a_Four-Layer_Semantic_Theory_of_Concepts).

Unlike the tension commonly seen between employees and their managers, talking to Bertrand and sharing our thoughts with him were the highlights of a working day. How he motivated the team seemed like magic but also came so naturally from him. Without being asked, we all voluntarily wanted to show him our ideas, draft papers, demos, and prototypes. More often than not, he disagreed with our initial proposals with laser-sharp comments, but eventually a solution would emerge. In summer months when he went to Europe, we felt the office became too quiet and we missed the thought-provoking discussions with him. He was an enabler of innovators through working with and nurturing us. He was always thinking, and thinking made him happy. This happy thinking habit proved to be contagious, and I’m indebted to him for inheriting it.

In the first three years working in Bertrand’s department, my team lead and I, just two of us, covered the entire North American market for smart card personalization needs including a variety of industry sectors: SIM cards for telecommunications, banking cards for electronic payment, transportation cards, identity cards, healthcare cards, passports, and driver’s licenses. In the meantime, I completed my Ph.D. by working late evenings, weekends, and holidays. What I learned from Bertrand was to love what you do.

Loving what we do is the most powerful motivation shared among atsec colleagues. I manage the technical and company cultural training program for our newcomers, through which a clear message is delivered to every new addition to our team: it is not just an eight-hour job but a professional career to be built with passion and love. atsec values Bertrand’s “leading by doing and sharing” management style and follows its spirit. One indicator for loving what we do is our annual ICMC clips (https://www.atsec.com/media/index.html). Every year I had Bertrand preview our clip for his feedback until I no longer could. In one of his email replies, he commented, “The video is great…a superb way to communicate to the core.”  

The best ideas are the well communicated and received ones. The ICMC clips use a joyful tone presenting challenges faced by the cryptographic module validation community coupled with feasible solutions. Clips demonstrate atsec’s expertise in FIPS and show our passion and love using our talents in art, music, and humorous and metaphorical language. We at atsec work hard and laugh loud, which often reminds me of the days working with Bertrand. The difference is that Bertrand had to protect his engineers from upper management; at atsec, the upper management protects our colleagues.

The picture below illustrates the roll-up panels that we are displaying at our ICMC booth this year: 



Competence, Experience, Contributions, Founding, Leading, and Bridging are the common words applicable to both Bertrand’s team who made a breakthrough in card technology and atsec’s team who build up the module validation community. It’s apparent that Bertrand’s spirit lives through us, who have learned a great deal from him and are teaching our fellow colleagues just the same.

For those who didn’t get a chance to know Bertrand, atsec will provide Bertrand’s book “Computer Theology: Intelligent Design of the World Wide Web,” co-authored with Tim Jurgensen. Published in 2008, the book describes a theology of the World Wide Web based on a comparative study of human societies and computer networks. His ideas are worth studying and spreading. We will provide a paper copy to Gold and Silver medalists at the ICMC. If you would like to receive a paper copy, please contact us at cst-info@atsec.com.




We took this opportunity collect some deeply touching stories and insightful quotes from a few of Bertrand’s former colleagues and friends.

For Maria Nekam, Bertrand’s long-time assistant, his passing seemed and still seems impossible. Her most memorable interactions with Bertrand were those joyful moments when they talked of butterflies, Klimt, and Johnny Hallyday. For many, including Maria, Bertrand was the lodestar - a man for whom the motto "Live Curiously" was written.

Tim Jurgensen, Bertrand’s book co-author and long-time collaborator, wrote:

“I first met Bertrand in 1978, shortly after he joined Schlumberger. I had been working there for a few years at that time. Over the course of my career, I worked with Bertrand and for him. During that career I once surmised that I had "lived" in Paris, Bertrand's "home town," for over two years, one week at a time. My trips to Paris were almost always at least one week in duration, and I made over 100 trips.

I loved to walk in Paris and I spent many days roaming the neighborhood where Bertrand lived his early years. Now, I grew up in a small town in western Oklahoma. I used to joke with Bertrand that between the two of us, we spanned a significant part of "world culture," from the simple to the sublime.  He took this to heart to the extent that a few years before he died, in the course of a driving vacation one summer, he spent a day visiting my home town in western Oklahoma. I think he was searching for an understanding of my "grounding".

For many years, I traveled with Bertrand to Java Card Forum meetings around the world. On most of those trips, on the night before we would return to the United States Bertrand would take me, and sometimes others, out to dinner at a restaurant he thought "interesting."  On one such occasion in Marseille he took me to dinner at a seafood restaurant in the harbor area. When we arrived he announced "Most people come to this restaurant for the bouillabaisse, but you shouldn't have the bouillabaisse here!" So, I didn't.

As we were eating, I asked Bertrand why we weren't having the bouillabaisse? He responded "Bouillabaisse is an historic dish created here in Marseille and it uses only the fish, or parts of fish, that the fishermen could not sell. It is intended to show the creation of an exquisite dish from the most common ingredients. At this restaurant, they make their bouillabaisse from only the best fish.

Bertrand was a thinker of novel thoughts and an accomplished innovator. However, he was firmly grounded in historical perspective and culture."


Bertrand’s talent for unifying seemingly opposite personality traits is echoed in Krishna Ksheerabdhi’s comments:

“Bertrand was one of a kind - in the very true sense of the expression. Intellectual but pragmatic. Creative but structured. Strict but empathic. Mercurial but deeply calm. It was these paradoxical traits that made him unique. It also made him work on challenging problems and often succeed in solving them.”


Karen Lu remembered Bertrand:

“Bertrand was brilliant. He was always thinking but did not limit to his own mind. He liked to ask questions and listen to other people’s thoughts, which might support, be different, or be against his ideas. I used to work in a separate division from Bertrand’s in Schlumberger and a completely different field. Still, he often invited me to interview his candidates or listen to their presentations. He would then ask, what do you think? In January 2002, a new Advanced Smart Card Research group was established under Bertrand’s leadership. My colleagues and I were selected to join. It was not because we were smart card experts but, in Bertrand’s words, “because you know nothing about smart cards!” He wanted fresh thinking and new ideas.”


Amy Price shared her remembrance:

“The time I spent at Schlumberger Austin was a magical time for me, and Bertrand was a big part of that. We all recognize that Bertrand was brilliant, creative and a seeker of knowledge and truth. But for me, he was the first leader I’d ever met who truly embraced diversity. And I don’t just mean intellectual inclusivity – he recognized key traits, skills and capabilities of all kinds in people and intentionally (and thoughtfully) put them to their best and highest use within the collective he built. It was true diversity before anyone thought to call it that – and it brought out the very best in all that knew and worked with him. I believe that breakthrough thinking and innovation are best rooted in a diverse organization – and Bertrand made sure that he constructed just that. It not only contributed to the incredible work – having a great and incredibly loyal team let him soar to new creative and intellectual heights.

On a personal level, Bertrand made it easy for me to be my ‘whole self’ – from technologist to communicator to artist – and to bring all my intellectual muscles to our discussions, which were especially fruitful during lunches on the back deck. I will never forget the discussion we had about figures – dancers – painted on ancient pottery that he asserted were the earliest form of graphic communication. That is, until I mentioned cave paintings. Next time we talked, we had a great conversation about cave paintings. But again, that was Bertrand simply being open to embracing learning and new data. Underneath that occasionally argumentative exterior, Bertrand was one of the kindest people I’ve ever known. And I was struck when I realized for the first time how clear and brilliant blue his eyes were under those tinted lenses he favored. Thank you, Bertrand, for being both an advocate and a friend.”


Fiona Stewart remembered Bertrand:

“When I first met Bertrand, I was working for Schlumberger. In those days, ‘Management by Objectives’ was a much-loved philosophy.
I recall my objective set by Bertrand was simple: “ISO 9001. You do the BS!”  Bertrand, thank you! I am still doing ISO 9001, ISO 27001, as well as Common Criteria and FIPS 140-3, and yes, I am still doing the BS ;) This was the best objective of my life."


Elizabeth Dahan showed how much she loved Bertrand and enjoyed working with him during her days at Schlumberger. She wrote:
 

“I worked directly under Bertrand for 6+ years with many roles: webmaster of Cyberflex.com and Reflexreaders.com, ‘owner’ and customer support of the Smartcards webstore, graphics designer, and the maintainer of the Cyberflex discussion forum. Bertrand called me ‘the Marketing arm for the whole team."

Working with Bertrand was working with a winner! One of the favorite parts of my job was collaborating with him on all of his wonderful presentations, which had quirky titles such as “Smart Cards are Pots” or the infamous “Death of the Washing Machine.” I was one of the first people to see his presentations, because I would critique his delivery and his slides.

Bertrand would always test out his presentations at our research center. Everyone would attend his presentations. They knew if it was from Bertrand it would be GOOD! Those who have seen these presentations will be smiling and nodding their heads right now!

Bertrand was well known for his extreme French accent. Everyone made jokes about how he was a linguistics expert, but no one could understand anything he said. It took me two years to learn to understand him. He would come to my office and spout a litany of words in super-fast speed. I would say, ‘excuse me?’ And he would repeat it. I would say, ‘Can you say that one more time?’ Three times it would take! So funny. We would just laugh!

He was also very quick tempered. He would come into my office yelling with his arms waving around. ‘The server is down! What are you going to do about it?’ (For example.) I would always just laugh, because I found it so funny when he did this. Me laughing always made him laugh. It always diffused the situation.

One day I was talking to him about an issue I was having, (I can’t remember what.) He said to me, (think about this in the thickest French accent you can,) ‘Elizabeth, when it rains, you know the trees, they get wet.’ And then he walked out. Ha ha! Of course, this didn’t give me any solution. But he knew I would solve my own problem. This is how he was. He hired good people because he knew they could do the job.

I learned a lot from him. I enjoyed his hands off management style and employed it myself when I became a manager. Later after we all left Schlumberger, I would organize reunion lunches. Bertrand was often in attendance. It was always so nice to see him and hear how he was doing as a Schlumberger Fellow. He is sorely missed. He was one of my very favorite people.”


I’ll conclude with the stories told by Sal La Pietra about his interaction with Bertrand:

“I first met Bertrand long ago at a restaurant. Bertrand had an infectious
smile. His eyes and wit were as sharp as those of a Lynx. He was a big fan of Japan, and he once told me that one of his ancestors held the post of French Prime Minister for a short while. I had difficulty in understanding Bertrand’s French accent at the start, but being Italian, I soon figured out how to read the underlying meaning of his conversation.

We mainly met over lunches and a couple of times over dinner. We often started with company strategy, high assurance, and formal methods and ended up talking about food and wine. He told me what he was thinking about some companies and their technologies. Sometimes, he commented on our services and the infosec market in general. I did not always agree with him, but he usually was right.

I tried in so many ways to work closely with Bertrand. Once, atsec decided to become a certification authority (CA) and had him be part of the board of trustees for the new organization, but this project didn’t go far.

After the merger of Gemplus and Axalto to become Gemalto, now Thales, his team went through re-organization and downsizing. He asked me to hire one of his people, and I did it, and it was the best thing he ever suggested to me.

I talked with Bertrand last time at the 2013 ICMC. He was glad atsec founded the conference and predicted a promising future. Once more, you were right! Thank you, Bertrand, for everything you have done!”

Although this is the longest blog on our website, it has come to an end. Nevertheless, our thoughts on Bertrand will never end. His spirit is with us. He is watching us, guiding us, and feeling proud of what we deliver today and what we will develop tomorrow.

Acknowledgment:
Many thanks to Bertrand’s family for their support and for sharing Bertrand professionally with us.

References to Bertrand’s work and memories of Bertrand: 

No comments:

Post a Comment

Comments are moderated with the goal of reducing spam. This means that there may be a delay before your comment shows up.

Subscribe to: Post Comments (Atom)