Advances in Card Solutions

Advances in Card Solutions. 7th Annual CACR, April 25, 2001. Certicom Overview: founded in 1985, 340 employees; offices in Toronto, San Francisco, Dulles, and London; listed on both Toronto Stock Exchange & the NASDAQ; strong patent portfolio in wireless/mobile security.

Presentation Transcript


  1. Advances in Card Solutions 7th Annual CACR April 25, 2001

  2. Certicom Overview • Founded in 1985, 340 employees • Offices in Toronto, San Francisco, Dulles, and London • Listed on both Toronto Stock Exchange & the NASDAQ • Strong patent portfolio in wireless/mobile security • Sponsors cryptographic research at University of Waterloo and Stanford University • Has over 150 licensees

  3. Security for the Next 20 Years • Encryption Underlies all Internet Security • Existing Encryption Technology is 20 Years Old • Certicom Owns the Next Generation Encryption Technology • Elliptic Curve Cryptography (ECC) • Designed for Mobile, Wireless Smart Card Environments • Security for the Next 20 Years

  4. Industry Leading Customers

  5. Industry Leading Customers

  6. Agenda • PKI, Cards, Wireless – Where are we? • Common challenges • Security Solutions – how can Crypto help? • Success stories to watch… • Concluding Remarks

  7. Classic Hype Cycle [Figure: visibility plotted against time through the phases Technology Trigger, Peak of Inflated Expectations, Trough of Disillusionment, Slope of Enlightenment, Plateau of Productivity]

  8. PKI Hype Cycle (Source: Gartner Group) [Figure: visibility plotted against time through the phases Technology Trigger, Peak of Inflated Expectations, Trough of Disillusionment, Slope of Enlightenment, Plateau of Productivity, with a “We are here” marker. Events labeled on the curve: Scotia Bank Deploys B2C PKI • American Express Releases Blue • Identrus Formed • Verisign Acquires NSI • Entrust Merges with EnCommerce • PKI Disappears Into Application • Visa Announces 3-D SSL • Industry Policy Authorities Form • PC Makers add SmartCard Readers • E-Sign Laws Signed • 1999 RSA Conference • Entrust IPO • Verisign IPO • Verisign formed • 1994 RSA Conference • PGP Introduced • Public Key Encryption Developed]

  9. Smart Card Hype Cycle [Figure: visibility plotted against time through the phases Technology Trigger, Peak of Inflated Expectations, Trough of Disillusionment, Slope of Enlightenment, Plateau of Productivity, with an “Are we here?” marker. Events labeled on the curve: EMV • New York Joint Trials • 1996 Olympics (Visa Cash) • Smart Card Disappears into card, device, etc • 1995 Mondex Swindon, England • Visa Launches eVisa • Industry Policy Authorities Form • American Express Launches Blue • PC Makers add SmartCard Readers]

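  10. Wireless Hype Cycle [Figure: visibility plotted against time through the phases Technology Trigger, Peak of Inflated Expectations, Trough of Disillusionment, Slope of Enlightenment, Plateau of Productivity, with an “Are we here?” marker. Technologies labeled on the curve: Location-based Services • WTLS • WAP • SMS]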

  11. Coming Together [Figure: visibility plotted against time, overlaying the PKI Cycle, Smart Card, Wireless and eCommerce curves, with a “We must be here” marker] • My “Optimist’s” view!

  12. Information Security Threats Fraud • Problem • Impersonation or identity theft • Credit card fraud • Impact • Massive financial loss • Merchants absorb most of the losses • Slows adoption of e-Commerce

  13. Credit Card Fraud • Meridien Research predicts that by 2001, online credit card fraud could cost merchants $9 billion a year, and that by 2003 the cost could reach $15 billion

  14. Challenges • Wireless is bandwidth constrained • Pay per byte transmitted over networks • Latency of messaging • Proximity card performance • Battery life • Resource limitations • Smart card processors fit within 25 sq mm • PDA, pager, cell handsets • Devices may look different, but it’s the same problem

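  15. ECC – A Part of any Solution

      | ECC Key Size (Bits) | RSA Key Size (Bits) | Key Size Ratio |
      |---------------------|---------------------|----------------|
      | 163                 | 1,024               | 1 : 6          |
      | 283                 | 3,072               | 1 : 11         |
      | 409                 | 7,680               | 1 : 19         |
      | 571                 | 15,360              | 1 : 27         |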

  16. Not Viable! Traditional Technology • Digitally Signed Transaction on a Palm VII Using Traditional Encryption Technology

  17. Instantaneous Trust! Certicom Technology • Digitally Signed Transaction on a Palm VII Using Certicom Technology

  18. Solutions emerging • Proximity devices • Intelligent use of Public Key technology • Not just PKI • Combinations of PK, PKI and trust models • Solutions for business needs

  19. Incentives for end customers • Sex appeal factor • Hide security from consumers • Assure privacy, integrity of transactions • For Financials • Make it smooth for the merchants • Avoid discount rate discussions ;-)

  20. Example successes • Proximity in North America • WMATA • Mobil Speed Pass • Large card rollouts • American Express Blue • eVisa • MasterCard announcement with Keycorp • Key differences… • Proximity solutions seem to gain user acceptance!

  21. Proximity solutions • ECC enables secure solutions • Payment • Terminal communications • Total transaction time required • <150ms • ECDSA Sign Performance by Certicom • < 90 ms for a signature • Viable for demanding proximity protocol solutions

  22. On Card Key Generation • Private key is “perfect secret” • A random number • Public key is computed by multiplying private key with the “generator point” • Same complexity as signature generation • No risk of primality testing • Total process typically less than 2 seconds • Enables keys as demanded by business process, user generated • Avoids key injection requirements at mfg time

  23. PK Solutions to Match • Digital Signature Authentication Solutions • Just in time security • On card key generation for business app use • TrustPoint PKI Portal registration of keys • MobileTrust CA services • Small certificates by design • CA supports business process • NOT business process driven by CA

  24. System Architecture [Diagram labels: Wireless Device (Secure Client Application, Client Certificate, PKI Client, Protocols, Crypto) • Application Server (Secure Server Application, Server Certificate, PKI Tools, Protocols, Crypto) • Public-key Infrastructure (Registration Authority (RA), Certificate Authority (CA))]

  25. TrustPoint PKI Portal

  26. Conclusions • ECC solutions provide the right solution for today’s security needs • Proximity solutions need high security – ECC meets the challenge • On card key generation • <150ms total transaction times • Emerging business applications need Public Key Technology