Enabling HSM Cryptography as an Integrated Service - Part 1 of 3

An updated version of this article is available under this link.

Managing Hardware Cryptography in the Enterprise since the Millennium

There has been a substantial increase in the use of cryptographic techniques and Hardware Security Modules (HSMs) in larger commercial enterprises, and banks in particular, since the upsurge of online services in the late 1990s. Invariably this has been undertaken on a project basis, with each project having its own goals and initial budget.

Read more

The Weakest Link in Many Cryptosystems - Part 2 of 2

RSA, a short recap

In a public key scheme, and for the sake of simplicity, assume a public scheme based on encryption-decryption (as opposed to e.g. DSA, the Digital Signature Algorithm, where the digital signature generated by the secret key is verified to satisfy a mathematical equation using the corresponding public key), you have two mathematical functions, called keys, the secret key S and the public key P

Read more

The Weakest Link in Many Cryptosystems – Part 1 of 2

Introduction

It is well-known and appreciated by most users - even if often ignored(!) - that if you choose a weak password, you are exposing yourself to various risks. Whether your password is used for encryption of confidential data or just for access control doesn't really matter, so let's assume for a minute that it is actually used to encrypt your data - or perhaps to encrypt a key that is used to encrypt your data. The situation you are in is that

Read more

Fully Homomorphic Encryption

- hype or the answer to all our prayers?

A couple of years ago, Craig Gentry produced a breakthrough result in cryptography: what researchers had been dreaming about for more than 25 years was finally possible. Gentry had shown how to do so-called Fully Homomorphic Encryption (FHE). What this allows is for a party A to receive encryptions of a set of inputs to some computation. A does not have the key for decryption and so has no idea what the inputs are

Read more

Q: What's in a Logo? A: Mathematics

Maybe you have wondered where our logo comes from and what it actually means. If you have, we hope the following will answer these questions.

Just as our name suggests, mathematics is the strong foundation on which our company has been built. The same applies to our logo.

The Cryptomathic logo is a 4D (4-dimensional) cube projected onto a 2D (2-dimensional) plane, with one 3D (3-dimensional) cube highlighted. However, we, as terrestrial

Read more

Delivering Advanced Electronic Signatures - via a central signing server

The notion of Advanced Electronic Signature was introduced in the European Directive for electronic signatures[1], which remains today an important milestone for the standardisation and legal recognition of electronic signatures. Advanced Electronic Signatures (hereinafter AdES) offer a very practical method to protect information and provide trust in electronic business. They can be embedded in popular document formats such as PDF, XML and CMS messages[2] and are also the basis for creating qualified electronic signatures (QES)[3].

Art. 2 of the directive contains some requirements on signatory identification and. This paper describes how a central signature server can fulfill these requirements. This article relates to the European Commission Standardisation mandate m460 to CEN and ETSI on electronic signatures and is proposed as input for the ETSI standard prTS 14167-5.

Read more

EMV: The Fraud Bulldozer

These days everyone has a stake in Chip and PIN security - it can be the topic of the over-the-counter conversation as you pay, of the boardroom executives at a bank, or over a pint at the pub. So how is EMV, the electronic payments standard underlying Chip and PIN, shaping up? And what is the modern landscape of payments fraud? Here, Mike Bond, Technical Director at Cryptomathic, shares his opinion.

Read more

Where 2FA and PKI Meet

Under pressure from sophisticated attacks and rising fraud, many B2C organisations in the financial industry are currently upgrading the static-password-based authentication of their web applications to something stronger - the 2FA age. 2-Factor Authentication (2FA) is currently achieving large-scale deployments and consumer adoption where PKI failed a few years ago.

From a technical standpoint, PKI offers significant benefits including the possibility to sign tran

Read more

Are the Dynamics of Card Fraud Changing?

In 2009, the RBS WorldPay ATM network reportedly lost $9 million to a 30-minute fraud attack across 49 cities, in different countries, using just 100 cloned cards. On the face of it, the $9 million yield from the attack is a large enough figure to make headline news, but perhaps not that shocking in this day and age where the total UK card fraud exceeded £500 million in the past year, according to APACS figures. What is possibly more serious in this particular scenario is the method

Read more