Delivering Advanced Electronic Signatures - via a central signing server

The notion of Advanced Electronic Signature was introduced in the European Directive for electronic signatures[1], which remains today an important milestone for the standardisation and legal recognition of electronic signatures. Advanced Electronic Signatures (hereinafter AdES) offer a very practical method to protect information and provide trust in electronic business. They can be embedded in popular document formats such as PDF, XML and CMS messages[2] and are also the foundation for creating qualified electronic signatures (QES)[3].

Art. 2 of the directive contains some requirements on signatory identification and. This paper describes how a central signature server can fulfill these requirements. This article relates to the European Commission Standardisation mandate m460 to CEN and ETSI on electronic signatures and is proposed as input for the ETSI standard prTS 14167-5.

EMV: The Fraud Bulldozer

These days everyone has a stake in Chip and PIN security - it can be the topic of the over-the-counter conversation as you pay, of the boardroom executives at a bank, or over a pint at the pub. So how is EMV, the electronic payments standard underlying Chip and PIN, shaping up? And what is the modern landscape of payments fraud? Here, Mike Bond, Technical Director at Cryptomathic, shares his opinion.

Where 2FA and PKI Meet

Under pressure from sophisticated attacks and rising fraud, many B2C organisations in the financial industry are currently upgrading the static password-based authentication for their web applications to something stronger - the 2FA age. 2-Factor Authentication (2FA) is currently achieving large-scale deployments and consumer adoption where PKI failed a few years ago.

From a technical standpoint, PKI offers significant benefits including the possibility to sign tran

Are the Dynamics of Card Fraud Changing?

In 2009, the RBS WorldPay ATM network reportedly lost $9 million to a 30-minute fraud attack across 49 cities, in different countries, using just 100 cloned cards. On the face of it, the $9 million yield from the attack is a large enough figure to make headline news, but perhaps not that shocking in this day and age where the total UK card fraud exceeded £500 million in the past year, according to APACS figures. What is possibly more serious in this particular scenario is the method

GlobalPlatform Key Management System

This article provides an overview of GlobalPlatform (GP) Key Management and includes a proposed architecture for an efficient GP Key Management System (KMS) based on the Cryptomathic - Crypto Key Management System (CKMS). This article is not intended to cover all possible uses of GlobalPlatform, but is meant to provide an overview of how it may well be used in an environment where the chip is personalized centrally, after

ePassport Inspection: The Need for Speed

Ever since the EU mandated the introduction of biometric ePassports containing fingerprints, there has been a flurry of technology development and innovation to make biometric ePassports a reality. Much of this played out behind the scenes, but now electronic passports are slowly working their way towards the forefront of the public consciousness since they are sufficiently widespread for researchers and journalists to play with. There have already been a number of security scare stories where

The Trusted Platform Module Explained

Introducing the TPM

The Trusted Platform Module (TPM) is a special-purpose microcontroller designed by the Trusted Computing Group, which interfaces with a standard hardware/software platform in order to allow it to be secured to serve the interests of just one party - the system designer.

The current generation of TPMs (version 1.2) are stand-alone chips which are usually surface mounted onto the motherboard of a PC, or integrated into a custom

Issuing MULTOS Cards

MULTOS cards are being deployed in steadily increasing numbers and Cryptomathic is delighted to be involved in MULTOS projects across the globe.

MULTOS is a high-security card platform and issuing model in which the "personalization" of cards with the cardholders' data is done in one single logical step before reaching the actual personalization machines. This is quite the opposite to the standard method of personalizing native cards where the data is sent to the cards, element by

Authenticated Encryption

A New Cryptographic Primitive?

By far the oldest and perhaps also the best-known goal of cryptographic methods is the protection of secrecy, or confidentiality, of data. This goal is achieved by employing encryption techniques. Decryption can only be performed by someone possessing the right decryption key.

Of far greater relevance in most commercial applications is the protection of the correctness, or authenticity, of data. This goal is achieved by means of digital signatures,
