INSIDE VaultIP
INSIDE Secure announced FIPS 140-2 certification of VaultIP, the world’s first IP security module that speeds the path to silicon security certification and lowers costs for silicon platform providers.
MobiCore Protects Samsung NFC Phone
The NFC-capable smartphone from Samsung has deployed the MobiCore protected area on its application processor in which security-sensitive applications can be securely run and downloaded dynamically. The MobiCore platform will provide a secure execution environment for mobile payments authentication, emails or corporate VPN access. The first application installed in the Mobicore-protected area on the Samsung GALAXY S III is a digital rights management (DRM) application which provides digital content with effective protection against misuse. G&D’s Trusted Service Management (TSM) solution will also enable organizations such as network operators and banks to install and customize additional security-critical apps in the protected area of the smartphone.
G&D to secure Intel mobile device platform
Giesecke & Devrient (G&D) security technology was selected to deliver lifecycle management of the embedded Secure Elements within Intel’s Smartphone Reference Device. G&D will manage the partitioning and key management of the embedded Secure Elements Over-the-Air. Embedded Secure Elements provide an additional protected area for security-sensitive applications such as payments and ticketing using NFC technology. Intel has included an embedded Secure Element in its recently announced Smartphone Reference Device, in addition to the conventional SIM card slot. G&D will act as Trusted Service Manager (TSM) for the Secure Element Issuer (SEI-TSM) providing the lifecycle management of the embedded Secure Elements.
G&D & ARM
Gieseck & Devrient have partnered with digital technology provider ARM
to offer secure mobile phone platforms. As a first step the two
companies will develop a joint prototype.Through the combination of ARM
TrustZone technology, which creates a protected
area in advanced systems-on-chip, and the highly secure Mobicore
operating system developed by G&D, sensitive applications such as
electronic payment and online banking via mobile phone will be
efficiently protected from security threats.
The interplay of TrustZone and Mobicore ensures that if online services
require security-sensitive functions such as entry of username and
password or data output on a display, these functions are transferred to
the Mobicore high-security operating system running in the TrustZone
protected area of an ARM application processor. As the
security-sensitive functions are executed, Mobicore maintains control of
the secure area of a system-on-chip. Users can therefore be certain that
the data they have entered, such as their username and password, cannot
be manipulated by malware on the phone during a payment transaction.
Acceptance of mobile applications such as banking, ticketing and payment
solutions rests on the security of device and background systems
involved. For this reason, both companies have been working on
innovative security concepts. The interplay of TrustZone and Mobicore
ensures that if online services
require security-sensitive functions such as entry of username and
password or data output on a display, these functions are transferred to
the Mobicore high-security operating system running in the TrustZone
protected area of an ARM application processor. As the
security-sensitive functions are executed, Mobicore maintains control of
the secure area of a system-on-chip. Users can therefore be certain that
the data they have entered, such as their username and password, cannot
be manipulated by malware on the phone during a payment transaction.
CLX.SENTINEL
Giesecke & Devrient, CREALOGIX and EISST have brought to market
the G&D “CLX.Sentinel”. Based on the G&D Mobility Token, the
“CLX.Sentinel” reduces the risks involved in online banking thanks to
the integration of the Mobility Token with the security application,
which provides effective protection against all known cyber attacks.
Authentication requires users to plug it in, enter their pin number and
conduct secure online banking for e-banking applications. “CLX.Sentinel”
has been specifically optimized to safeguard sensitive web-based
applications as a plug-and-play solution with a zero-footprint security
solution, ensuring no trace on the computer left for potential cyber
attackers. Numerous Swiss banks already having decided to use the new
product include St. Galler Kantonalbank, Luzerner Kantonalbank,
Thurgauer Kantonalbank, Basler Kantonalbank and the Raiffeisen Group.
NXP and G&D Launch Fast Pay Devices
NXP and Giesecke & Devrient have introduced a new “Fast Pay”
contactless security chip and a new line of G&D contactless payment
devices based on this IC. “Fast Pay”-based devices have been
specifically designed to provide consumers in the U.S. and Canada with a
convenient and swift contactless payment solution. The EMVCo approved
chip offers best in class contactless performance and its “Data
Encryption Standard” hardware co-processor provides strong security and
fast transaction times, all packaged within a small footprint. “Fast
Pay” is “ISO 14443 Type A” certified and supports the latest MasterCard
and Visa contactless payment specifications.
GLOBALPLATFORM WHITE PAPER
GlobalPlatform has published a white paper entitled “Why the Mobile
Industry is
Evolving Towards Security” which discusses the importance of its GPD/STIP
Specifications and the Device Application Security Management (DASM)
Specifications to mobile telecom and handset deployment. The paper addresses
the interoperability, flexibility, reactivity and security of the open
software platform
which is designed to protect applications from different providers
within a multi-
application environment. GPD/STIP also is capable of expediting the
deployment
of secure applications on one handset, such as transport ticketing and
digital rights
management (DRM), according to the report. GlobalPlatform is a leader in
smart
card infrastructure development and has set a standard for smart card
infrastructure.
64KB Card EAL4+
Samsung Electronics’ 64KB smart card with crypto functions has received “EAL4+” level Common Criteria certification. EAL represents the level of confidence of an IT security product or system. The advanced security requirement makes the new smart card an attractive solution for security-sensitive applications such as SIM cards, E-money, Java and MULTOS cards.
NCIPHER EXPANSION
UK-based nCipher has opened an office in Singapore and has named Eric Graf
von der Recke as Sales Director for the region. nCipher already has
alliances with Hong Kong-based, Automated Systems (HK) Ltd.and Quantiq
International in Singapore and Malaysia. In conjunction with the
announcement, nCipher has also named Automated Systems (HK) as reseller for
nCipher in the People’s Republic of China. nCipher offers hardware security
modules for the e-payments industry including: “nFast,” “nForce,”
“nShield,” and “payShield.” Eric Graf von der Recke was formerly with Certicom.
NCIPHER 3Q/02
nCipher plc reported that revenues were flat at £2.8m compared to Q2/02.
However, the operating loss was reduced from £2.4m to £1.7m because the
company maintained strong gross margins (79%) and reduced our operating
overheads. After interest the company reported a net loss of £0.7m and
consumed less than £0.1m of cash. nCipher provides hardware and software
solutions that enable organizations to implement best practice security by
addressing the challenges of cryptographic key management and performance.
ALPHA VBV
Athens-based Alpha Bank has completed the implementation of
CardinalCommerce’s “Payment Authentication Platform” software for its card
issuing and transaction acquiring business. The implementation was
completed in connection with Alpha Bank’s adoption of the “Verified by
VISA” online authentication standards. Alpha Bank has 2.6 million
customers, 1.5 million active card accounts, over 70,000 merchants, and
30,000 POS terminals. Cardinal and several partners, including Delta
Singular, the largest VISA and MasterCard processor in southeastern Europe,
WorldWide Trust and Safe3w, a provider of strong authentication products,
recently formed a consortium to market online secure payment solutions in
Europe. CardinalCommerce and Delta Singular plan to activate MasterCard
“SecureCode” in the near future for Alpha Bank.
nCipher & Cardinal
CardinalCommerce and nCipher have teamed to combine nCipher’s “Hardware Security Modules” with Cardinal’s “Payment Authentication Platform”. The combined solution provides a low risk opportunity for acquiring banks, credit card and payment processor companies, issuing banks and a wide range of financial service institutions to implement cardholder and payment authentication systems