Cryptomathic News

Cryptomathic Invents Cloud Wallet

Mon, 05 Mar 2012 13:06:37 GMT

Cryptomathic has invented the market's first 'Cloud Wallet', a
ubiquitous secure mobile wallet.

The Cryptomathic Cloud Wallet enables a secure payment
application to run off a connected, trusted platform that is
accessible through a network such as the internet. It securely
links the user and all their devices - such as a smartphone, tablet
or personal computer - to their wallet.

This new method offers an alternative approach to providing
secure payment applications, which today are generally delivered
through either EMV
chips embedded in payment cards or secure elements of smartphones.
The Cryptomathic Cloud Wallet will be of particular interest to
payment schemes and issuers as it addresses all the users'
connected devices while allowing the overall system to be driven
based on risk parameters; exactly like their core business
today.

Once a cardholder has enrolled their devices with the Cloud
Wallet, they can use their wallet to make any number of
transactions using any of their enlisted devices. The Cloud Wallet
can be used, for example, to make near-field-communication (NFC)
payments at point-of-sale, enhance the security and experience of
the 3D Secure form of verification, or even perform full-scale
EMV-type transactions between the cardholder and merchant.

Matt Landrock, CEO of Cryptomathic USA, comments: "The
Cryptomathic Cloud Wallet offers a new approach to e-payments, and
how this can be delivered and managed by the payments industry.
This highly secure solution provides payment schemes and issuers
with full control of the payment applications, without having to
negotiate complicated business relationships with mobile network
operators and without having to modify or enhance the end-users
devices. With over 25 years' experience providing security to the
banking industry, we are delighted to announce this groundbreaking
invention."

The Market’s First ‘Cryptography as a Service’ Solution Launched By Cryptomathic

Wed, 29 Feb 2012 17:08:27 GMT

Cryptomathic has launched its title="Crypto Service Gateway">Crypto Service Gateway; the
market's first viable solution to deliver cryptography as a service
(CaaS). As security requirements continue to be driven by industry
and national regulation, application advancements and malicious
e-threats, CaaS provides substantial resource savings by
centralising and automating cryptography to optimise the security
infrastructure and effectively manage cryptographic hardware and
software.

Of particular interest to banks and government organisations,
which manage immense amounts of secure applications and data, the
Crypto Service Gateway provides a unified view of all cryptographic
systems. It consists of a cluster of cryptographic servers that sit
between the cryptographic software and / or Hardware Security
Modules (HSMs) - which provide secure cryptographic
processing - and the applications requiring encryption. This allows
a wide variety of applications that need data security to share the
same HSMs and cryptographic infrastructure. The number of HSMs used
by an organisation is reduced by more than 50% and all applications
can easily be integrated into the same security cloud
environment.

A centralised graphic user interface offers authorised personnel
access to comprehensive tools that manage the gateway, including
secure configuration, policy management and activity monitoring.
This streamlines processes such as key management, cryptography
hardware maintenance, security updates and testing. Transparent
auditing tools assist organisations in obtaining and maintaining
regulatory compliance.

Morten Landrock, Managing Director at Cryptomathic, comments:
"Cryptographic expertise is expensive as security professionals
need to have very specific industry experience and knowledge. In
addition to this, HSMs are very costly and organisations often
duplicate security infrastructures across different projects to
satisfy audits and compliance requirements. As the number of secure
applications and data managed by organisations continues to
increase, such technical inefficiencies will become completely
unsustainable."

Landrock explains that the development of this concept and
delivering cryptography in-the-cloud came through Cryptomathic's
work with a leading UK high street bank, and a global provider of
IT solutions to the retail and banking industry; both have trialled
and implemented the solution. He adds: "Cryptomathic has been
delivering e-security solutions for 25 years and understands the
ever-increasing complexities of the market. We predict this gateway
will revolutionise the way organisations approach cryptography by
optimising the technology infrastructure while simplifying,
centralising and automating security. For example, our solution
enables programme architects to focus on writing application
software and then flawlessly implement the cryptographic components
through the Crypto Service Gateway. This avoids human errors,
integration delays and compliance issues."

Cryptomathic's CaaS gateway is vendor neutral, can easily
integrate with third party components and adheres to the latest
industry standards. It is scalable to future requirements and
can be set-up to meet individual organisational needs.

Cryptomathic Launches Flexible Mobile Security Suite for Two-Factor Authentication

Tue, 14 Feb 2012 12:08:18 GMT

Cryptomathic has launched a range of two-factor authentication
(2FA) smart phone applications to meet the requirements of its
global clients for a user friendly and cost effective online
security solution. The suite delivers Cryptomathic's extensive
financial security expertise within a convenient and easy to use
mobile application, which enables users to securely authenticate
themselves and undertake online transactions without the need to
carry a dedicated authentication token.

Cryptomathic developed the title="Mobile AuthApp">Mobile AuthApp suite to meet advancing
security requirements for accessing sensitive information online.
With the ability to generate one-time-passwords (OTPs) on a wide
range of devices including Blackberry, Apple iOS and Google
Android, the solution delivers a versatile and effective mechanism
to protect organisations from malicious data breaches using an
everyday tool which is familiar and convenient to the
end-user. Aligning with open standards such as the Initiative
for Open AuTHentication (OATH) as well as banking industry
standards, including MasterCard Chip Authentication Protocol
and VISA Dynamic Passcode Authentication, ensures the suite
can easily be integrated into existing security systems and that
the solution is fully interoperable with the global payment
network.

Peter Landrock, Executive Chairman and Founder of Cryptomathic,
comments: "While many banks are deploying 2FA for their online
banking systems, these require end-users to carry around a separate
token. By implementing an application that can be used via smart
phones, Cryptomathic is delivering a more convenient solution that
removes the need for an additional token. This ensures the system
is easy to deploy and highly cost effective compared with legacy
tokens. It also offers the formidable security which Cryptomathic
is renowned for."

To securely log into a web application, an end user is advised
by their service provider, for example a bank, to download and
install the application onto their smart phone via the provider's
website or through an application store. Therefore, the high cost
to organisations of distributing new hardware tokens or replacing
existing ones is eliminated.

"Cost and user adoption are critical for the deployment of
large-scale authentication projects," Landrock continues.
"Cryptomathic's new Mobile AuthApp perfectly meets these
requirements and also provides added value to our many customers
who already use our SMS solutions for secure online access. The
product offers benefits to organisations including the omission of
man-in-the-middle attacks and the ability to choose the security
features and functionality they desire with no additional
cost."

Cryptomathic - 25 Years of Innovation in Securing Data

Fri, 11 Nov 2011 16:37:56 GMT

To mark Cryptomathic's 25th anniversary this month,
Executive Chairman and Founder, Peter Landrock, takes a look back
at the key industry milestones that have shaped the security
solution provider, and imparts his vision for the challenges that
lie ahead.

It is hard to believe that when Cryptomathic was established 25
years ago, the internet and email did not exist for businesses.
Their advent and rapid ubiquity quickly brought about a complete
transformation at Cryptomathic: from a small consultancy offering
advanced crypto engines for systems delivered by other companies,
to an advanced software solutions provider serving an international
customer base directly.

When the internet arrived, it brought with it a vast increase in
fraud and in response, a dire need for heightened data security
measures. Cryptomathic was well placed to respond to this need
and moved quickly to embrace innovation as a business fundamental,
specialising in creating cutting edge products and solutions which
both anticipated and answered the rapidly changing requirements of
the market.

By the mid 90's, the decision from Europay, MasterCard and Visa
to switch from magstripe to chipcard technology had been taken and
migration was underway. This resulted in debit and credit chip
cards becoming capable of generating a digital signature, enabling
them to secure transactions. At the turn of the millennium,
Cryptomathic provided a solution to Europay for debit and credit
cards. This deal fuelled our growing reputation and paved the way
for Cryptomathic to become one of the largest global suppliers of
servers for the data preparation of debit and credit applications,
whether contact or contactless on payment cards and mobile
phones.

In more recent years, levels of on and offline fraud have
continued to rise, impacting heavily on the security needs and
legislation of banks and other financial institutions. So stringent
and complex are these demands, that banks and large companies often
lack both the time and experience required to achieve full
compliance. To address this issue, over the next twelve months
Cryptomathic will be introducing not only solutions, but
cryptographic services as well, enabling the company to manage the
whole cryptographic process on behalf of its customers in a totally
secure manner.

Another crucial growth area in the security industry stems from
the uptake of mobile and cloud computing. Much hyperbole exists in
this space, but there is little doubt that cloud based
infrastructures face great challenges securing transaction
environments. One clear challenge relates to mobile access: how to
secure cryptographic payment keys on mobile devices that are
notoriously unsecure? Also, will it be possible to establish
trustworthy end-to-end security zones within the cloud? The answer
to both these questions lies in bootstrapping security into the
cloud architectures using existing, isolated, secure stepping
stones, without ubiquitous dedicated hardware security.

The next twelve months will see Cryptomathic tackling these
challenges head on, drawing on the efforts and experience gained
over 25 years of innovation.

Cryptomathic Opens First US Office

Thu, 04 Aug 2011 11:07:45 GMT

Cryptomathic has opened its first office in the USA, which is
located in San José, California in the Silicon Valley. The new
operation will be headed up by Cryptomathic's Executive Vice
President, Matt Landrock, and is ideally positioned to support our
existing and future US customer base, which includes card
processors, payment schemes and technology providers.

The significant growth in our US customer-base over recent
months has been the key driving factor behind Cryptomathic's
decision to open its fifth international operation. The new
facility will complement the existing network which includes
Cryptomathic's UK-based innovation centre, Denmark's research and
development operation and two further offices in Germany and
Canada.

Matt Landrock has played a central role in Cryptomathic's global
expansion since he joined the company more than 15 years ago and
was responsible for establishing both the German and Canadian
locations. Commenting on his latest position to launch the USA
operation, Matt said: "The Silicon Valley is home to some of the
world's largest technology corporations and is at the core of
high-tech innovation and development. Once the commercial decision
was made to open in the USA, we felt that this location would allow
us to effectively monitor regional e-security solution market
requirements and efficiently respond. Additionally, as our Canadian
office is in Montreal, Cryptomathic can now service the entire
region coast-to-coast."

Established 25 years ago, Cryptomathic was one of the first
companies in the world to provide e-security solutions to
businesses across a wide range of industry sectors. It's Founder
and President, Peter Landrock, is still recognised today for his
pioneering work to advance cryptographic methods and was
shortlisted last year for the European Inventor Award for 2010
within the lifetime achievement category. Today, Cryptomathic is a
market leader in providing e-security solutions across areas
including key management, EMV, digital
signatures and virtual smart cards. Cryptomathic has a global
customer base of more than 300 companies and governments, including
multinationals, such as card payment processors and payment
schemes.

Cryptomathic and OMA Emirates Work in Partnership to Deliver The National Bank of Umm Al Quwain's Card Issuance Programme

Mon, 04 Jul 2011 15:51:41 GMT

The National Bank of Umm Al Quwain (NBQ) has acquired and
installed Cryptomathic's data preparation system CardInk and OMA
Emirates' personalisation software NanoPerso to facilitate the
issuance of its entire debit and credit card portfolio.

CardInk - from security solutions specialist Cryptomathic -
generates the personalisation data, including all cryptographic
data, for the issuer's chip and magnetic stripe payment
cards. The data is passed to OMA Emirates' personalisation
software NanoPerso, which drives NBQ's in-house personalisation
systems and ensures that data generated by CardInk is personalised
appropriately for both Mastercard and Visa EMV cards. This
proven, turnkey solution ensures that data generation, key
management and personalisation is undertaken within a highly secure
environment, which is simple and efficient to operate.

Peter Landrock, Executive Chairman of Cryptomathic, comments:
"Working in partnership with OMA Emirates has enabled us to provide
a complete end-to-end solution for NBQ, and we are delighted to
provide them with our advanced technology. Cryptomathic and
OMA Emirates now look forward to offering other financial
institutions in the Middle East -and indeed across the world - the
opportunity to implement, for immediate use, data preparation and
personalisation systems for their card programmes."

Niranj Sangal, Head - Business Development for OMA-SG,
commented: "The industry is currently experiencing a new wave of
innovation. OMA/Solution Gulf and Cryptomathic are working with NBQ
to accelerate its activities, by supplying a global end-to-end
secure solution on the EMV issuance that now allows them to manage
their card issuing business quickly and simple."

CardInk is the only major system that is both HSM (Hardware
Security Module) vendor and card platform independent, ensuring
flexibility for any card issuing environment, supporting
GlobalPlatform, Multos and native cards.

MasterCard Worldwide Appoints Cryptomathic to Manage Data Preparation for its Mobile Over-The-Air Provisioning Service

Mon, 04 Jul 2011 15:48:17 GMT

Global payment company MasterCard Worldwide has selected
e-security solution provider Cryptomathic, to manage the data
preparation requirements for its deployment of the MasterCard®
Mobile Over The Air Provisioning Service to enable MasterCard®
PayPass™ application to be provisioned on to mobile phones.

MasterCard PayPass is a contactless payment application that
allows consumers to quickly and conveniently purchase goods and
services at outlets where contactless payment terminals have been
installed by merchants. The new PayPass offering enables
consumers to make small-item purchases with a tap of their mobile
phone. Once a bank has signed up to offer the service, its
customers can register for the service with MasterCard, who, on
behalf of the bank, will issue the PayPass application over-the-air
directly onto the customers' mobile phone handset.

The Mobile Over The Air Provisioning Service (MOTAPS) is
operated and managed entirely by MasterCard, with the exception of
the data preparation system which is performed by Cryptomathic's
CardInk. This solution will generate the personalisation data
for MasterCard PayPass mobile phone applications provisioned
through this service, ensuring a highly secure environment for data
generation and cryptographic key management during the application
issuing process.

DnB NOR, Norway's largest financial services group is the first
user of the service, offering its customers the opportunity to
enjoy the benefits of mobile contactless payments.

James Anderson, vice president, Mobile, MasterCard Worldwide,
comments: "MasterCard has established the Mobile Over-the-Air
Provisioning Service, the world's first and only NFC program
platform of its kind. It is a robust solution that enables the
issuer to capture more mobile payments and seize greater market
share through innovation - quickly, at low cost and with vastly
reduced effort. The Cryptomathic CardInk product has been chosen as
the only external element to this service, as it provides
MasterCard with an industry-leading data generation solution, which
is highly secure, efficient and scalable to future programme
requirements."

Peter Landrock, Executive Chairman of Cryptomathic,
comments: "We are delighted to deliver CardInk for the
MasterCard PayPass mobile phone offering. MasterCard has been
using the Cryptomathic key management system since 1998, and our
work together has helped develop CardInk into the sophisticated
solution available today. The team looks forward to
supporting MasterCard in the secure and successful deployment of
this advanced payment application to end-users."

Cryptomathic CardInk is the only major system that is both
Hardware Security Module (HSM) vendor and card platform
independent, ensuring flexibility for any card issuing
environment. With CardInk, all data generation and
preparation takes place inside a tamper resistant HSM, making it
one of the most secure solutions currently available.

Butler Group Delivers Positive Audit of Cryptomathic Authenticator

Mon, 04 Jul 2011 15:40:43 GMT

A technology audit carried out by Butler Group (a Datamonitor
company) on Cryptomathic's Authenticator has commended the company
on its server-based two-factor-authentication (2FA) solution which
meets the user verification requirements of the banking and payment
industry.

The Cryptomathic Authenticator has been designed for use within
banking applications and other customer-facing management systems,
to provide 2FA to customers and/or businesses who wish to undertake
secure financial transactions or access services online. Its
role is to eliminate the incidences of successful phishing,
pharming and man-in-the-middle attacks.

The Butler Group report, undertaken in March 2009, acknowledges
that due to the vendor-independent approach adopted by
Cryptomathic, the solution can support more than ten front-end
authentication mechanisms, including static and partial passwords,
proprietary tokens, OATH tokens, Chip Authentication Protocol
(CAP), SMS, grid cards and voice recognition among others.
Authenticator also supports Hardware Security Modules (HSM) from a
variety of vendors, including nCipher (Thales), IBM and
Safenet. According to the Butler Group, this provides much
needed flexibility to financial services organisations when
required to roll out 2FA technology to secure internet banking and
online payment facilities.

Additionally, the report credits the scalability of the product,
which provides an open capacity to integrate all new authentication
mechanisms as and when they gain market adoption, and its ability
to support clustering and failover functionality.

Professor Peter Landrock, Executive Chairman of Cryptomathic,
comments: "The Butler Group is well respected throughout the
business world for the impartiality and incisiveness of its
research and opinion. To receive such a positive audit on our
authenticator solution is a great outcome and reinforces
Authenticator's position as the most functional, flexible and
cost-efficient solution on the market."

More generally, the report promotes the product's ability to
deliver strong business and user protection from identity theft,
and the subsequent cost savings that can be realised by preventing
fraudulent attacks on banking systems. A further argument
raised in favour of the solution, and 2FA authentication, is that
the visible protection it offers encourages customers to continue
to use cost-effective, online, self-service facilities, rather than
reverting to other more expensive channels.

Peter concludes: "With a notable rise in the number of
high-profile security breaches, and the resulting pressure on banks
to safeguard customer identity data, we envisage a continued high
level of acceptance of our authentication solution within the
commercial banking industry."

CEDICAM Uses Cryptomathic's CardInk for The Deployment of Dual Interface Payment Cards

Mon, 04 Jul 2011 15:37:06 GMT

CEDICAM, the payment flow and systems subsidiary of the Crédit
Agricole Group, has selected Cryptomathic's CardInk data
preparation solution for its deployment of tens of thousands of
dual-interface payment cards next month. The programme will
be France's first large scale roll-out of chip cards featuring both
contact and contactless payment applications.

CEDICAM, which personalises over nine million payment cards for
the Credit Agricole regional banks each year, will use
Cryptomathic's data preparation technology to generate the
personalisation data - including all cryptographic data - for the
dual-interface chip cards. To be issued to customers from
March 2009 onwards, the new payment cards will enable the holder to
benefit from France's growing contactless payment infrastructures
for small value transactions.

Brigitte Charlier, Director Electronics Payments at CEDICAM,
comments: "There have been many 'tap and go' payment technologies
piloted but this will be the first large scale deployment of chip
cards that offer both contact and contactless payment
options. It is a groundbreaking project which would not have
been realised without Cryptomathic's CardInk. The level of
customisation and configuration that the solution offers ensures a
highly secure environment for data generation and key management
during the card issuing process, while its flexibility and
effectiveness allows us to implement pioneering programmes such as
this."

Guillaume Forget, Sales Manager at Cryptomathic, comments:
"CEDICAM purchased the CardInk solution over seven years ago, and
during this period we have worked together to continually evolve
the technology to deliver innovative card products. We are
delighted that Cedicam will utilise the capabilities of CardInk to
issue a high volume of dual-interface cards. We look forward
to continuing our partnership with CEDICAM to ensure that end users
have a successful, smooth and secure transition to dual-interface
payment cards."

Cryptomathic's CardInk is the only major system that is both
Hardware Security Module (HSM) vendor and card platform
independent, ensuring flexibility for any card issuing
environment. With CardInk, all data generation and
preparation takes place inside a tamper resistant HSM, making it
one of the safest solutions currently available.

Cryptomathic Joins OASIS

Tue, 21 Jun 2011 11:26:05 GMT

Cryptomathic has joined the membership of OASIS (Organisation
for the Advancement of Structured Information Standards), in a move
which demonstrates the company's dedication to help shape the
future of the key management system (KMS) market.

KMS expert Cryptomathic, is one of the world's leading providers
of security solutions to businesses across a wide range of industry
sectors including finance, smart card, digital rights management
and government. It has joined OASIS as a Contributor and will
participate in the Key Management Interoperability Protocol
Technical Committee to assist in its work to advance a single,
comprehensive protocol for communication between encryption systems
and a broad range of new and legacy enterprise applications. This
includes email, databases and storage devices.

target="_blank">Cryptomathic KMS is a fully automated life
cycle key management system. It was launched in 2007 and offers an
immediate return on investment by removing the need to have key
custodians present to manually install and regularly manage the
lifecycle of keys on devices. It enables instructions to be issued
individually to system operators, allowing them to control their
keys independently online, working from their own desks, seamlessly
and securely 'pushing' keys into the correct location. The simple
and uncomplicated process reduces human error while enabling keys
to be updated more frequently without additional costs to a
financial institute or its customers.

Speaking about the membership, Boris Schumperli, Project Manager
for Cryptomathic KMS, said: "Across most industries the
requirements for managing a constantly increasing number of
cryptographic keys and certificates are becoming ever more complex.
Ensuring that the right key is in the right place at the right time
is a necessity to most global organisations within the financial
sector.

"Cryptomathic KMS is compatible with current industry standards
and is used by major global organisations include global card
payment schemes, multinational banks and third party service
providers. To ensure market interoperability we see it as a
priority to work with OASIS to standardise key management
procedures across the industry."

"OASIS is pleased to welcome Cryptomathic as the newest member
of our KMIP Technical Committee, said Laurent Liscia, Executive
Director of OASIS. "We applaud Cryptomathic's commitment to open
standards and its dedication to assuring interoperability in the
key management space. We look forward to the contributions
Cryptomathic will bring to the KMIP Committee as the group advances
its work."

Dan Quirke Joins Cryptomathic

Fri, 03 Jun 2011 11:44:55 GMT

Cryptomathic has announced the appointment of Dan Quirke as
Solutions Architect based at the UK office in Cambridge. Dan will
be responsible for tailoring Cryptomathic's existing products and
services to meet the requirements of its European customer
base.

Dan joins the company with a wealth of experience gained through
working in the security industry for eleven years. In his previous
role at French based Gemalto, Dan worked in the Security Business
Unit where he was responsible for designing identity and access
management solutions for Gemalto's largest strategic customers.

Speaking about his appointment, Dan comments: "Cryptomathic is a
well known and respected organisation within the security industry.
I had worked alongside Cryptomathic in some of my previous roles
and was therefore aware of its pioneering products and services and
its unique market knowledge. I am especially eager to work with the
Cryptomathic HSM Portal, which is a cryptographic service that
allows HSMs to be securely shared across a wide variety of
applications."

Morten Landrock, Managing Director for Cryptomathic's UK office,
adds: "Dan's experience and industry knowledge will be invaluable
to Cryptomathic, and we are delighted to have Dan join our
team."

Cryptomathic Demonstrates its Commitment in the Middle East

Thu, 05 May 2011 15:54:43 GMT

Cryptomathic, a global e-security solutions provider, will be
exhibiting at this year's Cards Middle East Exhibition to be held
in Abu Dhabi on 17-18 May 2011. During the event, the company will
be demonstrating its latest technology for EMV data preparation,
two-factor authentication, digital signatures, key management, PKI
and hardware security module (HSM) management.

With 25 years' experience, Cryptomathic is regarded as one of
the world's leading providers of security solutions to businesses
across a wide range of industry sectors including finance, smart
card, digital rights management and government. On its highly
skilled team are staff fluent in Arabic and that have extensive
experience in delivering systems for e-banking, PKI initiatives,
card personalisation, e-passport, card issuing and advanced key
management.

Professor Peter Landrock, Cryptomathic Executive Chairman and
Founder, comments: "The Middle East is an exciting market to be
operating in due to its vibrant economy that has embraced digital
technologies. Cryptomathic prides itself not only on the strong
technical expertise that we offer, but also our unique market
knowledge and ability to work in many different languages. With our
team currently supporting around 25 customers across Kuwait, Qatar,
Saudi Arabia and Yemen in their delivery of EMV solutions, we are
delighted to be able to offer our clients the support of a
permanent and fluent Arabic team. Long-term, Cryptomathic will
continue to commit resources in this important region to ensure we
fully support the market's long-term needs."

Visit Cryptomathic at stand 20 and meet Abdelouahed Elrhassir
and Matt Landrock to find out more about the important role of
e-security within the digital economy, get views from the team on
the Middle East market and receive demonstrations on how the
technology works.

Nets and Cryptomathic Settle Dispute

Mon, 18 Apr 2011 12:09:53 GMT

Nets (previously BBS, Norway and PBS, Denmark) and IT security
vendor Cryptomathic have announced that a settlement has been
reached to resolve a disagreement regarding the interpretation of a
patent owned by Cryptomathic. The patent concerns the method
related to user authentication coupled with digital signatures
using server-side keys. The dispute relates to the Norwegian
security solution BankID.

Following last year's verdict at Oslo Tingrett (Oslo District
Court), both parties appealed to Lagmannsretten (the Court of
Appeal). Today, Nets and Cryptomathic have withdrawn their appeals
and agreed to a settlement that offers advantages to both parties.
Through this arrangement, Nets has received a license for the use
of Cryptomathic's patents for central signature servers in
Norway.

The founder of Cryptomathic, Prof. Peter Landrock, explains: "We
have been cooperating with various entities of the Nets group of
companies for more than a decade now and we are committed to
evolving our cooperation further over the years to come. The patent
dispute has been a serious roadblock impeding the further extension
of cooperation so I am very pleased that we were finally able to
settle our dispute. The settlement agreement recognises
Cryptomathic's technical contributions as well as Nets'
requirements to maintain and expand its leadership as a supplier of
secure, scalable and user-friendly digital signature
solutions."

Concerning the relationship with Cryptomathic, Jesper Bramming,
CFO of Nets, adds: "Cryptomathic is second-to-none within its
field. We are pleased to announce that Nets has obtained the
license rights to make use of Cryptomathic's patents as part of the
agreement with Cryptomathic. The cooperation with Cryptomathic will
help secure Nets' continued growth and competitiveness."

Cryptomathic and CPS Technologies to Offer Online Banking Authentication Services

Mon, 14 Feb 2011 16:48:49 GMT

ABnote French subsidiary, CPS Technologies, has partnered with
e-security solutions provider, Cryptomathic, to offer its financial
clients robust online two-factor authentication services, from
token distribution to one-time-passwords (OTP) validation and
integration solutions.

The technology, which is centred around the vendor neutral
Cryptomathic Authenticator, will enable CPS Technologies' clients
to protect their internet banking facilities against sophisticated
online financial crimes by authenticating e-banking users by means
of OTP. One of the main advantages of the solution is its
flexibility with regard to authentication method, allowing banks to
choose the most appropriate devices to issue to its
customers. For example, SMS, mobile readers in combination
with EMV payment cards or OTP tokens are all compatible with the
system.

Olivier Cau, Security and Technical Director at CPS
Technologies, comments: "French banks predominately use static
passwords to authenticate online customers. However, to
ensure internet transaction security and protect customers from the
increasingly advanced fraudulent attacks being undertaken, CPS
Technologies acknowledged that tougher measures were
required. By partnering with Cryptomathic we are now able to
provide the highest level of two-factor authentication banking
security, yet offer clients flexibility in how this is implemented
and used by their customers."

Peter Landrock, Executive Chairman and co-Founder of
Cryptomathic, adds: "Cryptomathic is delighted to be working in
partnership with CPS Technologies to deliver sophisticated
two-factor authentication services to the French market. It
is vital that customers feel safe when using online banking
services and CPS Technologies' investment highlights its continued
commitment to protecting e-bankers from financial online
criminals."

Cryptomathic Joins MULTOS Consortium

Mon, 14 Feb 2011 16:47:19 GMT

Leading security solutions provider, Cryptomathic, has announced
its membership of the MULTOS consortium. It becomes the first
and only Public Key Infrastructure (PKI) vendor to join the
consortium's membership ranks.

Joining at the Business/Systems Membership Level, Cryptomathic's
marketing and technical experts will participate in the MAOSCO
Business Advisory Group and the Systems Forum meetings. From
a technical viewpoint, Cryptomathic aims to contribute towards the
development of the MULTOS specifications, by sharing specialist
knowledge regarding, among other things, encryption standards.

Cryptomathic's intention is to ensure that in addition to
supporting MULTOS specifications through its key products -
including CardInk, Key Management System and Certification
Authority - the company is able to input into the future evolution
of the technology.

Cryptomathic is currently finalising its support for the
packaging of MULTOS step/one application load units in response to
customer demand and this should be completed in February
2008. MULTOS step/one is the entry level multi-application
Operating System for issuers migrating to EMV with Static Data
Authentication (SDA).

Professor Peter Landrock, Executive Chairman of Cryptomathic,
comments: "Cryptomathic's aim is to offer our customers the widest
possible choice of solutions to fit their exact requirements, so it
is important that our products are capable of supporting as many
applications and platforms as possible. Our membership to
MULTOS has been driven by the need to fully accommodate existing
and potential customers using this platform and we look forward to
actively engaging with the consortium. We anticipate that
Cryptomathic's vast experience as a security solutions provider and
PKI vendor will enable us to offer ideas and recommendations to aid
in the enhancement of MULTOS specifications, particularly for the
ID card space."

Tim France-Massey, Chairman of the MULTOS Business Advisory
Group, adds: "We are happy that Cryptomathic has become a member of
the MULTOS Consortium and we welcome the company's plans to support
MULTOS through its far-reaching and well established data
preparation, key management and Certificate Authority
solutions. This will ultimately lead to more choice for
issuers."

Cryptomathic's EMV data preparation product, CardInk, already
supports the data preparation of many MULTOS applications including
the latest MasterCard Integrated Chip Application (MICA) - which
includes PayPass and CAP, plus VSDC and SPAN2.

Cryptomathic Opens Office in North America

Mon, 14 Feb 2011 16:43:45 GMT

Leading security solutions provider, Cryptomathic, has announced
the launch of a new office in Montréal, Canada. With an
established office network throughout Europe, the opening of the
new location is part of Cryptomathic's global expansion strategy to
provide US and Canadian customers with local business and technical
support.

Boris Schumperli will head up the Canadian operation. With
over ten years' consulting experience in the smart card security
industry, Boris has worked in both the financial and telecoms
sectors, specialising in EMV migration and Key Management Systems
(KMS) technology. Boris' accumulated wealth of expertise will
enable him to work closely with Cryptomathic's existing clients
within the region.

Professor Peter Landrock, Executive Chairman of Cryptomathic,
comments: "There is currently high demand for security solutions
within the North American banking sector. In particular, we
have witnessed increasing orders for EMV data preparation solutions
for contact and contactless payment cards, as well as automated key
management systems, two-factor authentication technologies and
Public Key Infrastructure (PKI) expertise. With an increasing
number of clients based in North America, it is logical for
Cryptomathic to establish a presence in the region to monitor
market trends and ensure the highest level of service
delivery."

Peter concludes: "Due to high market demand, Cryptomathic's
established regional visibility, and the wealth of security
solutions experience and regional knowledge offered by our
international network, we expect the North American office to be
extremely successful and expand rapidly."

Desjardins Group Uses CardInk for EMV Card Issuance in Canada

Mon, 14 Feb 2011 16:32:27 GMT

Cryptomathic has signed a contract with Canada's largest
cooperative financial group, Desjardins, to supply its CardInk data
preparation system for use in Desjardins' EMV payment card issuance
program. The program will involve the issuance of chip cards
to the cooperative's base of member-owners over the next four to
five years.

CardInk - Cryptomathic's second generation EMV data preparation
system for single and multiple application cards - will generate
the personalisation data for all Desjardins' EMV cards, including
all cryptographic data, ensuring a highly secure environment for
data generation and key management in the card issuing process.

Jean Yelle, Vice-President of Desjardins Card Services,
comments: "We have chosen Cryptomathic, and its CardInk product,
because they have clearly shown their world-wide expertise in this
field. Their ability to address Desjardins' specific needs
and timeline lead us both to success and a new partnership."

Peter Landrock, Executive Chairman of Cryptomathic, comments:
"We are very pleased to be working with Desjardins on its national
EMV payment cards issuance programme. The performance,
efficiency and suitability of CardInk for this deployment have
already been proved in the trial and we look forward to continuing
our work with Desjardins in order to ensure that the organisation's
member-owners enjoy a successful, smooth and secure transition to
EMV payment cards."

Cryptomathic's CardInk data preparation system can be used by
Canadian issuers to support Interac, the Canadian national debit
application, in addition to MasterCard's EMV and Chip
Authentication Program (CAP), Visa Smart Debit/Credit (VSDC) and
Dynamic Passcode Authentication (DPA), and contactless payment
applications.

Cryptomathic Attains Gold Certified Partner Status in Microsoft Partner Program

Mon, 14 Feb 2011 16:29:52 GMT

e-Security solutions provider Cryptomathic, has today announced
it has attained Gold Certified Partner status in the Microsoft
Partner Program with a competency in ISV / Software, recognizing
Cryptomathic's expertise and impact in the technology
marketplace. As a Gold Certified Partner, Cryptomathic has
demonstrated expertise with Microsoft technologies and a proven
ability to meet customers' needs. Microsoft Gold Certified
Partners receive a rich set of benefits, including access, training
and support, giving them a competitive advantage in the
channel.

Cryptomathic is a leading provider of security solutions to
businesses across a wide range of industry sectors, including
finance, smart card, digital rights management and government,
delivering systems for e-banking, PKI initiatives, card
personalization, ePassport, card issuing, and advanced key
management. It has been awarded Gold Certified Partner status
for its extensive software development capabilities.

Peter Landrock, executive chairman of Cryptomathic, comments:
"With over 20 years' experience, Cryptomathic delivers
best-of-breed security software and services. We continually
aim to improve our solutions and strive to achieve the highest
industry recognition. We are, therefore, extremely pleased to
have attained Gold Certified Partner status in the Microsoft
Partner Program. It allows us to clearly promote our
expertise and relationship with Microsoft to our customers, and
through the benefits provided, enables Cryptomathic to further
enhance its offerings."

"Customers are looking for partner companies that can bridge the
gap between their business demands and technology capabilities,"
said Allison Watson, corporate vice president of the Worldwide
Partner Group at Microsoft Corp. "They need to trust in a
company that can act as an expert adviser for their long-term
strategic technology plans. Microsoft Gold Certified
Partners, which have certified expertise and direct training and
support from Microsoft, can build a positive customer experience
with our technologies. Today, Microsoft recognizes
Cryptomathic as a new Gold Certified Partner for demonstrating its
expertise in providing customer satisfaction using Microsoft
products and technology."

As one of the requirements for attaining Gold Certified Partner
status, Cryptomathic had to declare a Microsoft Competency.
Microsoft Competencies are designed to help differentiate a
partner's capabilities with specific Microsoft technologies to
customers looking for a particular type of solution. Each
Competency has a unique set of requirements and benefits,
formulated to accurately represent the specific skills and services
that partners bring to the technology industry. Within select
Competencies, there are Specializations that focus on specific
solution areas that recognize deeper expertise within that
Competency. Serving as a specialized path to earning those
Competencies, Specializations give direct access to the tools and
resources that support that specific area of focus.

The ISV/Software Solutions Competency recognizes the skill and
focus partners bring to a particular solution set. Microsoft
Gold Certified Partners that have obtained this competency have a
successful record of developing and marketing packed software based
on Microsoft technologies.

"Solutions competencies are an important way for Microsoft to
better enable ISVs to meet customer needs," said Sanjay
Parthasarathy, corporate vice president of the Developer and
Platform Evangelism Group at Microsoft Corp. "They allow ISVs
to keep and win customers through their deep knowledge of
solutions-based Microsoft platform technologies. Microsoft
has a long history of working closely with ISV partners to help
them deliver compelling solutions and applications to our mutual
customers, and the Microsoft Competencies are an important step in
continuing to enhance vital relationships with ISVs worldwide."

The Microsoft Partner Program was launched in October 2003 and
represents Microsoft's ongoing commitment to the success of
partners worldwide. The program offers a single, integrated
partnering framework that recognizes partner expertise, rewards the
total impact that partners have in the technology marketplace, and
delivers more value to help partners' businesses be successful.

Cryptomathic Files Suit Against BSS, Norge for Patent Infringement

Mon, 14 Feb 2011 16:27:19 GMT

Cryptomathic has today announced that it has initiated
litigation in the courts of Oslo, Norway against BBSAS for patent
infringement.

Cryptomathic has alleged infringement of its patent in BBS'
BankID products related to digital signatures and user
authentication using a central server for key storage and signature
generation. The patent-in-suit is one of Cryptomathic's fundamental
patents used for securing e-banking and e-government transactions,
and is a world-leading version of a mobile, secure electronic and
digital signature which cannot be repudiated.

In its complaint, Cryptomathic alleges that BBS has infringed
and continues to infringe, contributes to and induces the
infringement of Cryptomathic's patent by making, using, offering
for sale and selling products and services without being licensed
by Cryptomathic to do so. BSS's BankID solution is used by
approximately 1.75 million end-users to authenticate themselves by
having messages or content signed centrally on their behalf with
individual private keys.

"We have invested heavily in secure, mobile signature solutions
based on two-factor authentication which offer high security as
well as ease and convenience to the end-user. Our approach is based
on research and development carried out over many years, and we
feel strongly that we deserve fair acknowledgement from companies
and organisations using our patented technology," said Professor
Peter Landrock, Executive Chairman of the Board of Cryptomathic.
"This core technology contributed to Cryptomathic earning a
nomination as one of the 40 most innovative companies in the world
at the World Economic Forum in Davos in 2003. We prefer to resolve
such issues through commercial discussions without litigation but
have so far been unsuccessful with BBS. Hence we are left with no
alternative but to file suit."

Cryptomathic is represented by Grette, one of Norway's leading
law firms with specialty in Intellectual Property and IT.

Cryptomathic Launches ePassport High-Speed Inspection Technology

Mon, 14 Feb 2011 16:24:14 GMT

A solution that will dramatically accelerate the speed of
inspecting ePassports has been launched by security solutions
specialist, Cryptomathic. The new technology addresses
government concerns that the extended time taken to retrieve
ePassport biometric data will result in unmanageable queues and
costly delays at busy international border points, by eliminating
the need to transfer data from the ePassport chip onto the border
control system every time a traveller enters the country.

Part of Cryptomathic's ID Inspector portfolio, the solution
allows inspection systems to store elements of a traveller's
biometric details - at a port-of-entry or national level - such
that it is impossible to access the data unless the physical
ePassport is present. The technology will enable Basic Access
Control ePassports to be read almost instantaneously, while
increasing the speed of inspecting Extended Access Control
ePassports by a factor of four. Known as the 'encrypt and
destroy technique', the solution satisfies EU ePassport privacy and
data protection laws.

Mike Bond, Security Director at Cryptomathic UK and creator of
the solution, explains: "As the EU has mandated that all its
issuing authorities will introduce second generation ePassports
containing fingerprint biometrics by June of 2009, border
inspectors are increasingly concerned that it will be impossible to
electronically process every traveller within a reasonable time
without radical increases in staffing levels. And they have every
right to be concerned: it can take as long as ten seconds to read
out all biometric data from some ePassports, which would result in
immense delays at international border crossings. The travellers
are disrupted and so is security."

The Cryptomathic solution is a special sort of caching
mechanism, a storage area that holds an encrypted version of the
ePassport biometric data, scrambled using an encryption key and
identified by a pseudonym which are both derived from the ePassport
itself. When the ePassport has its initial contact with the
border control station, the biometric data is transferred from the
chip into the inspection system, and at the same time a unique key
is calculated from the ePassport chip which is used to encrypt the
stored data. Crucially, the storage key is then deleted from
the memory of the border control system to make it impossible to
retrieve the stored data. In order to recreate the decryption
key for the record and view the biometric data, the original
ePassport document must be connected to the inspection
system.

Mike concludes: "The quantity of biometric data stored on
ePassports will inevitably rise as other biometrics gain
popularity, like iris codes. Advances in chip technology will
make a difference over the coming years, but it is hard to achieve
the optimal inspection conditions required to benefit from faster
chips at busy border points, and such improvements can do nothing
to assist the hundreds of millions of ePassports that are already
in the field.

"The global investment and commitment to deploying ePassports is
considerable. If a country's implementation is too hurried or
poorly thought out, border controllers will have to compromise in
the inspection procedures. They may only inspect ePassports for
travellers already identified as suspicious for example, which
would weaken the security benefits of the technology, and
travellers would soon be asking why they had to pay so much for
their ePassport if it is hardly ever read. By securely
caching traveller details upon passport application or first border
crossing, these delays can be significantly reduced saving both
time and money. Cryptomathic is delighted to bring this
important solution to market."

Phantom Cash Machine Withdrawals Can Haunt Customers

Mon, 20 Dec 2010 16:07:22 GMT

href="http://www.guardian.co.uk/money/2010/oct/16/cash-machine-withdrawals?INTCMP=SRCH"
target="_blank">David Dix talks to Miles Brignall

You're sure you didn't take out that £240, but the bank insists
you did. So what next?

It's the moment anyone who regularly checks their bank statement
most fears. You are looking down the list of transactions and spot
one you don't recognise. A rogue cash machine withdrawal of more
than £200, seemingly made while you were fast asleep at 2am. You
rack your brain and even look through your diary to establish
whether it could have possibly been you (or your partner if it's a
joint account).

In most cases that rogue withdrawal turns out to be genuine. You
eventually remember you did take out the cash. But what happens if
your investigations hit a dead end and you are adamant the money
could only have been taken fraudulently? You would probably expect
the bank to refund you. But what if it refuses your claim because
it says your card and pin were used to access the cash?

This is the position Katrina Smith finds herself in. The
businesswoman is currently in dispute with her bank, HSBC, after
£240 was mysteriously taken from her account, at 2.10am from a cash
machine in St James's Street, just round the corner from her
Brighton home.

Despite her repeated protestations that she did not withdraw the
money, the bank has refused to reimburse her.

HSBC says the fact it can show her actual card and pin were used
indicates she must have acted negligently. It says its stance is
strictly in line with previous Financial Ombudsman Service findings
following similar ATM disputes.

Smith's problems started on 19 August when, looking online, she
spotted the disputed withdrawal. She knew that on the previous
night, on the way to the cinema, she had taken out £40 from the
same ATM that was used for the disputed withdrawal.

On the way home just after midnight she withdrew £20 from
another ATM in the same street, but was certain she hadn't taken
out the third, much larger amount. She checked her wallet and still
had her debit card, and rang the bank to inform them the £240
withdrawal was "fraudulent".

"The call centre person insisted it had to be me, since it was
my card and pin that had been used. When I categorically denied
this, she asked me if anyone else was with me during the earlier
withdrawal around midnight. I said my boyfriend had been, and she
then accused him of stealing my card while I was asleep. She
repeatedly asked if I had taken the money. I took great exception
to this. I've banked with HSBC since the early 1980s and have had
my business account with them since the mid-1990s. I certainly have
no need to try to steal their money."

Her bank card was stopped and she was told the fraud department
would look into it.

Two weeks later she received a letter from HSBC refusing a
refund on the basis that the bank was sure her actual card - not a
cloned version - had been used with her pin. She appealed against
this decision, asking whether the ATM had a camera, and was told
she would get a response within 10 days.

When this deadline passed, she again contacted the bank and was
told she would have to reactivate the complaint. At this stage she
contacted Guardian Money. We asked the bank to look at her case,
and were told HSBC would not be refunding her the cash.

Smith, who runs a successful TV bookings business, was furious.
"I'm really pissed off about this, as it seems I'm guilty until
proven innocent. If the bank checked the pattern of my withdrawals,
they would soon see I've rarely, if ever, withdrawn large amounts
of money, and certainly not at 2am. I have plenty of money - I
don't need to try to defraud HSBC. If it was my boyfriend, he would
have had to get up in the night, go out, get the money and get back
into bed beside me, all without waking me up. It just doesn't make
sense."

HSBC told us: "Her debit card was not stolen, but used by
someone who had access to it in conjunction with her pin at her
local ATM for a one-off withdrawal precisely equal to the remainder
of her daily cash withdrawal allowance. We have provided the
Guardian with the ATM record proving that her exact card was used
and both the pin and value of withdrawal were entered accurately on
the first attempt.

"Whoever used the card, took it and replaced it, knew her pin
and the exact maximum they could withdraw. No further fraudulent
activity was attempted using her card. With this knowledge, it is
our view that on the balance of probability she was negligent with
her personal information and we will not be refunding her."

But are cash machines truly infallible? Every few months it
seems there is a story in the press about a malfunctioning ATM
somewhere that is handing out too much cash. Usually, news of the
fault spreads like wildfire, and huge queues build up until the
glitch is put right or the machine runs out of notes. And readers
with long memories will recall that in the early days of ATMs the
banks adamantly refused to admit that "phantom withdrawals" were
possible - a stance they were later forced to abandon.

Smith's is certainly not the first recent dispute of this kind.
In January 2008 the Guardian reported how football coach Alain Job
took the Halifax to court after £2,100 was taken from ATMs, even
though he said his card had never left his side. Pensioner Donald
Reddell described losing £3,000 in phantom withdrawals from ATMs
even though his Barclaycard had only ever been used in a cash
machine to change the pin, and was then placed in his safe. Both
claims were denied.

The Financial Services Authority's Moneymadeclear website says
bank customers' liability for unauthorised transactions before
reporting them to the bank will usually be capped at £50 unless you
were "grossly negligent" in keeping your details safe. Some readers
will wonder what this means, and whether you can be grossly
negligent while asleep.

The banks are guided by the Financial Ombudsman Service's (FOS)
previous findings following similar disputes, though a spokesman
was this week keen to stress that every case is examined on its
individual merits.

"Generally, we would not expect a bank or building society to
reject a complaint on the grounds that the pin had been used with
the card without fully investigating the complaint. We will ask the
customer to provide background about the events that took place
around the transaction too. Just because the banks expect us to
find in a certain way doesn't necessarily mean we will," he
says.

For an independent view of Smith's case, we asked one of the
UK's leading experts on ATM fraud, David Dix of the Cambridge-based
firm Cryptomathic, to have a look at the detail. His immediate
response was that the circumstances did not look good for her.

"It's very unusual in bank fraud cases for the card to be used
in the nearest ATM to the customer's home. Generally, if the card
is cloned and the pin captured, the fraudulent purchases happen
outside the UK, where chip and pin technology is yet to be
installed. As far as I am aware, there have been no cases of the
chips in UK bank cards being cloned and used to take money out of
ATMs. It is theoretically possible in a lab, but we haven't seen
any cases yet on the streets."

Asked whether there could be some other possible explanation,
Dix says it is hard for customers in Smith's shoes. "The problem is
that the bank holds all the cards, and they are reluctant to hand
over the information to customers. If it were an ATM malfunction,
this would be fairly easy to spot.

"Also, the bank will know if there have been any other attempted
transactions after the card was stopped, but they never give this
information to bank customers, unless they are forced to in court.
If Ms Smith went to court, she would probably lose. There have been
other similar cases, and in the most recent the judge has always
sided with the banks."

Back in Brighton, Smith says she won't be suing, as it would
cost more than her loss. Instead she says she will apply to the
FOS, which will cost the bank around £500. She is also set to move
both her business and private account away from the bank, plus all
associated savings.

Katrina Smith is not her real name

Cryptomathic's CardInk Chosen by First Data in Poland

Mon, 20 Dec 2010 14:40:48 GMT

Cryptomathic today announced that First Data, a global
leader in electronic commerce and payment processing, has
selected Cryptomathic's CardInk solution for the production
of EMV cards in Poland. First Data's Poland business will also use
Cryptomathic's Key Management System (KMS) to manage the lifecycle
of device keys.

CardInk is Cryptomathic's EMV data preparation system for
contact and contactless cards and helps to ensure a highly secure
card production environment. First Data will use the system to
generate personalisation and cryptographic data for all EMV
compliant cards produced by First Data on behalf of its Polish
customers.

Cryptomathic's Key Management System (KMS) will also be
implemented by First Data, to manage the lifecycle of cryptographic
keys for both card acquirers and issuers. Compatible with all
major industry standards, Cryptomathic's KMS will enable the
service provider to adopt an automated, standardised and
centralised approach to managing cryptographic keys while reducing
the need for manual intervention.

"Cryptomathic has enjoyed an on-going relationship with other
First Data businesses for a number of years to supply and help
maintain secure and scalable data generation and key management
environments. We are very pleased to be extending our
services to the company's Poland business," said Morten Landrock,
managing director of Cryptomathic UK.

"We were looking for a security solutions provider that could
work with us over the long-term and provide advice and guidance on
the most appropriate security system for our Polish business.
CardInk offered a proven solution," said Janusz Diemko, managing
director of First Data's business in Poland.

Founder and President of Cryptomathic Nominated for European Inventor Award

Mon, 20 Dec 2010 14:31:28 GMT

Professor Peter Landrock, Founder and President of Cryptomathic,
has been nominated for the European Inventor Award for 2010 within
the lifetime achievement category. Peter has been recognised
for his pioneering work to advance cryptographic methods, many of
which are used today for the digital transmission of secured
data. He is one of three individuals nominated in this
category and the only one based in the UK and working in the IT
industry.

The European Inventor Award is a highly regarded innovation
prize presented annually by the European Patent Office (EPO)
together with the European Commission. It honours outstanding
inventions which have responded to today's challenges and
contributed to progress and prosperity. As a renowned expert
on applied cryptography, Peter has been nominated for the Lifetime
Achievement Award in acknowledgment of the important work he has
carried out in research projects sponsored in part under the
European Commission, and continues to undertake for Cryptomathic
and its clients to address real and practical problems in secure
data communication.

Peter's ability to integrate his inventions successfully into
practical, commercial technology solutions means that citizens,
banks, companies and public offices can quickly and effectively
communicate electronically in a secure manner. Not only has
Peter's work enabled the internet to become a secure medium for a
number of applications, but it has also contributed to improved
organisational efficiencies, supported e-innovation and encouraged
environmentally friendly practices by replacing paper based
communication. His innovations include secure trading with
electronic Bills of Lading deployed internationally, and central
signature servers used in solutions across several European
countries for mobile qualified digital signatures with legal values
for citizens, companies and public offices. Examples of such
solutions include Luxtrust in Luxemburg and OCES (Offentlige
Certifikater til Elektronisk Service) in Denmark. The Danish
Government's National IT and Telecoms Agency has recently announced
the more advanced second generation of this latter nationwide
solution, which is based on Cryptomathic's central signature server
architecture.

Today, Peter continues to advance his inventions and bring them
to market through his company Cryptomathic, an e-security solutions
provider that he established over 20 years ago alongside two fellow
cryptographers. Commenting on his nomination, he says: "This is a
fantastic surprise and I am delighted to be recognised for my
work.

"Mathematics is my passion and the success of my inventions
means that I can continue to conduct research, both applied and
pure, to support new and emerging technological requirements.
It also affords me the opportunity to engage in meaningful and
challenging work with some very clever and motivating people to
deliver important solutions for businesses across many sectors
globally, including financial institutions, government departments,
and digital rights management providers."

Vice-President Antonio Tajani, EU Commissioner for Industry and
Entrepreneurship, adds: "The nominees underline the richness of the
human imagination. Their inventions mean a lot for mankind
and for shaping our modern world; yet their innovatory spirit also
helps to create jobs in Europe that strengthen its
competitiveness. I hope these inventors encourage others to
follow their paths."

The winners of all four categories - industry, SMEs/research,
non-European countries and lifetime achievement - will be chosen by
a high-ranking international jury, and announced by EPO President
Alison Brimelow in Madrid on Wednesday, 28 April.

Sagem Orga do Brasil Selects Cryptomathic's CardInk

Mon, 18 Oct 2010 11:36:48 GMT

Sagem Orga do Brasil, the leading Latin American smart card
manufacturer, has appointed Cryptomathic to deliver its data
preparation solution, CardInk. The system will be integral to
Sagem Orga do Brasil's issuance of EMV debit and credit
cards.CardInk is Cryptomathic's second generation EMV data
preparation system for single and multiple application cards.

On behalf of its banking customers, Sagem Orga do Brasil will
use the solution to generate payment application data for various
card schemes including MasterCard and Visa for which Sermepa
Advantis technology is used. As well as creating all
cryptographic data, CardInk ensures data is prepared and keys are
managed in a highly secure environment throughout the card issuing
process.

Richard Marques, Technology Director at Sagem Orga do Brasil,
comments: "Cryptomathic has extensive global expertise in data
preparation, and we are delighted to be working with the
team. The CardInk solution offers Sagem Orga do Brasil a
highly secure and scalable data preparation system with the
technical capability to support industry-leading projects in the
future. This includes the forthcoming issuance of MULTOS
cards in response to the banking community's progress to deploy
multiple-application cards to end-users. We look
forward to a prosperous long-term partnership with
Cryptomathic."

Guillaume Forget, Sales Manager at Cryptomathic, comments: "As
one of the leading card personalisation bureaux in Latin America,
we are very pleased to be working with Sagem Orga do Brasil as part
of its EMV payment cards issuance programme. Cryptomathic
also looks forward to advancing the Sagem Orga do Brasil's CardInk
solution to align with the future needs of its customers, and the
market's evolution towards multiple-application payment card
implementations. It is certainly an exciting time for the
payments industry in the region, and we are delighted to share our
expertise to assist in the realisation of its vision."

Irish Life & Permanent Selects Cryptomathic to Deliver Authentication Services

Mon, 18 Oct 2010 11:36:11 GMT

Irish Life & Permanent (IL&P) has implemented
Cryptomathic's href="/products/authentication-signing/authenticator"
target="_blank">two-factor authentication solution to secure
its remote banking channels. The Cryptomathic Authenticator
has been deployed by the financial services provider to protect its
customer base of over one million against sophisticated financial
crimes, such as phishing, and to improve overall customer
experience.

The drive behind IL&P's move to deliver stronger
authentication is to secure the initialisation of payments through
its Open24 internet banking platform and GTX telephone banking
system. Cryptomathic's Authenticator was chosen over
other solutions available in the marketplace for its flexibility in
supporting multiple authentication mechanisms and token form
factors. Additionally, it could easily integrate into the
bank's existing back-end infrastructure and is able to interface
with IL&P's two distinct internal systems - Open24 and GTX -
through its ability to run as a standalone service.

IL&P selected the SMS token to send one-time-passwords (OTP)
to customers via their mobile phones. Using the mobile phone ties
into IL&P's mobile banking strategy and negates the requirement
for a large scale delivery of tokens. It also provides a high
level of security as the OTP is delivered to the customer
'out-of-band' and not through the existing user interface
network, such as an internet banking application. To
ensure business continuity and scalability to support its 24/7
internet banking operation, IL&P has deployed Cryptomathic's
Authenticator at two of its data centres, enabling access to a
standby system at all times.

Karina O'Donnell, Head of Customer Operations, IL&P,
comments: "Prior to this project we used security call backs as an
additional method to reduce the possibility of fraud but it was not
well received by our customers and was extremely cumbersome to
maintain. Cryptomathic had a clear understanding of the
issues facing IL&P and delivered exactly what was needed - a
robust, flexible and future-proof authentication solution.
The customer feedback has been excellent."

Morten Landrock, Managing Director of Cryptomathic UK, adds:
"Cryptomathic is delighted to be working with IL&P to protect
the Irish banking community from financial crimes. It is
imperative that customers feel safe and confident when using remote
banking channels and IL&P's investment in 'out-of-band'
authentication using SMS highlights its commitment to delivering
strong security, yet offering a good and convenient customer
experience. "

Cryptomathic's Technology Supports UKPC Authentication Mechanisms

Mon, 18 Oct 2010 10:50:05 GMT

Cryptomathic's two-factor authentication server, Authenticator,
supports all mechanisms outlined in a multi-factor authentication
security review carried out by the UK Payments Council (UKPC) , the
organisation that sets strategy for UK payments, and Accenture, the
global management consulting, technology services and outsourcing
company.

Undertaken earlier this year, the security review combines the
results of a comprehensive survey on authentication and industry
expertise. The aim of the document, which supports the
launch of a new authentication modelling tool, is to share
knowledge with banks and businesses to better equip them in
tackling security challenges, and to select the right technologies
to secure their customers' activities online.

Designed for scalable applications, Cryptomathic's Authenticator
is able to support all the authentication mechanisms outlined in
the report. The technology assists organisations,
particularly banks, in combating the risk of online fraud by
securing financial transactions and accessing services
online. Its flexibility to support multiple authentication
mechanisms prevents 'vendor lock-in', enables Cryptomathic's
customers to shop around for the most suitable and cost effective
authentication method, and receive the highest possible return on
their investment.

David Dix, Electronic Payments Expert at Cryptomathic, comments:
"We are delighted that this report re-confirms the Authenticator's
position as one of the most flexible and up-to-date solutions
currently available to banks to enable them to deliver strong user
protection from identity theft. With a wide and growing range
of user and transaction authentication methods entering the market,
the Authenticator is able to adapt to future requirements whilst
safeguarding the value of an initial investment."

The security review explores three different authentication
strategies - risk based authentication, adaptive authentication and
knowledge based authentication - as well as the available token
types, including: paper (e.g. Transactional Access Number list),
memory (e.g. a PIN), device independent software (e.g. Public Key
Infrastructure), device and/or location dependant hardware (e.g.
Chip Authentication Protocol) and out of band (e.g. SMS). The
report rates each mechanism on criteria such as usability, utility,
ease of implementation, security and performance. EMV
CAP technology achieved the highest score for multi-factor
authentication technology.