MasterCard and Cryptographic Research: an International Retail Financial Services Industry perspective Michael Ward VP, Emerging Technologies Product Security MasterCard International STORK Cryptography Workshop, Bruges, 27 November 2002
Contents � Emerging Technologies and New Payment Channels � Durable and Evolvable Cryptography � Compound Mechanisms 2 of 10
Emerging Technologies and New Payment Channels � Smart Cards: EMV, Electronic Purse, Data Storage � Contact, Contactless � E-commerce Internet � M-commerce Mobile Phones � Cardholder Verification 3 of 10
Cardholder Verification “ My PIN is 1234 ” • Iris scan • Facial recognition • Speaker / Voice • Fingerprint • Key strokes • Hand geometry My body is • Signature verification my password 4 of 10
Threats Registration Replay Identity theft Ease of use 5 of 10
Durable & Evolvable Cryptography International Standards � ISO/IEC JTC1 SC17 Identification Cards � ISO/IEC JTC1 SC27 Security Techniques � ISO TC68 SC2 and SC6 Financial Services � IEEE P1363 � IETF PKIX � NESSIE 6 of 10
Durable & Evolvable Cryptography Continued Research into Proofs of Security � Security Models � Proof Models (ROM, Generic Group) � International Standards (ISO, IEEE, IETF) � Asymmetric encryption (OAEP, PKCS) 7 of 10
Compound Mechanisms � Authenticated Encryption � Symmetric Key Exchange using Asymmetric cryptography � Incremental cryptography � Random number generation and key generation � Mix and matching � DPA-resistant hash using DES or RSA 8 of 10
Recommend
More recommend
