OT-Morpho is leveraging its end-to-end digital payment offering: ranging from the PEARL by OT-Morpho embedded Secure Element (eSE) and related payment applications to its comprehensive Digital Enablement Platform for secure tokenization and provisioning services. Relying on OT-Morpho’s digitization solution, Santander’s cardholders are now able to securely enroll and provision tokenized payment cards in any eligible Samsung phone. Santander’s customers will then be able to use their digital cards stored in the Samsung Pay mobile wallet app on any compatible point of sale payment terminal in Spain and beyond, just as they use their contactless card today. The contactless acceptance and infrastructure in Spain is very dynamic with 1.6 million contactless payment terminals and 74.51 million contactless cards already deployed in the field.

"We are very proud to offer Samsung Pay to our clients, bringing innovation and new technology to our customers with the widest offer in mobile payments, meeting once more our commitment to our clients and exceeding their expectations. Thanks to OT-Morpho and their proven platform and technologies, we were able to make it happen in a secure, easy and fast way, keeping Banco Santander ahead in the digital payments race", said Carlos Palacios, Products Director at Santander.

"We are enthusiastic about deploying Samsung Pay with Santander in Spain and bringing this new mobile payment service to many other issuers who will partner with us across Europe. This is further recognition not only of our unmatched expertise in digital payments, but also the acknowledgement of the strong relationship we have built with Santander. OT-Morpho’s platform is field-proven and rolled out at scale in a dozen of countries, already digitizing millions of cards globally," declared Eric Duforest, OT-Morpho, Managing Director of the Financial Services Institutions business at OT.

"well positioned to support us thanks to their banking customer footprint and leadership. The Samsung brand is very strong in Spain and we are looking forward to scaling our service, in particular with Santander which has pioneered and demonstrated its commitment to encourage mobile payment deployment in the country," added David Alonso, Enterprise Business Director at Samsung Electronics.

Based on G+D's Convego CloudPay solution, de Volksbank will provide mobile wallet applications for its customers using Android NFC phones. The mobile wallet supports all Mastercard and Visa branded debit cards issued by the banks of the group. Users can apply for a mobile card for the wallet. The cards are then tokenized by the payment scheme (i.e. Mastercard or Visa) and delivered securely over-the-air by the G+D Convego CloudPay service to the mobile phone of the customer. Users can pay with this mobile card at any contactless enabled POS terminal.

The combination of Mastercard and Visa branded cards in one solution is one of the first implementations of this kind worldwide. Consumers benefit from the quick enrolment and speedy delivery of the mobile payment card – independent of time and place - in only a few seconds.

"G+D Mobile Security operates a service, integrating and connecting de Volksbank and its wallet to the token services of the payment schemes,” said Carsten Ahrens, CEO of G+D Mobile Security. “With our solution for the different brands of de Volksbank group, G+D Mobile Security is pioneering a project where both Mastercard and Visa token services are enabled for the bank’s HCE wallet at the same time."

About G+D Mobile Security
G+D Mobile Security is a global mobile security technology company headquartered in Munich, Germany. The company is part of the Giesecke+Devrient group. G+D Mobile Security has a workforce of 5,800 employees and generated sales of approximately EUR 860 m in the 2016 fiscal year. More than 50 sales and partner offices as well as 20+ certified production and personalization sites and data centers ensure customer proximity worldwide.

G+D Mobile Security manages and secures billions of digital identities throughout their entire life cycle. Our products and solutions are used by commercial banks, mobile network operators, car and mobile device manufacturers, business enterprises, transit authorities and health insurances and their customers every day to secure payment, communication and device-to-device interaction. G+D Mobile Security is a technology leader its markets and holds a strong competitive position. For more information, please visit: www.gi-de.com/mobile-security

“It is clear from all of the great sessions and discussions last week – including advancements for derived credentials, innovative uses of technologies like near field communications and alternative authentication technologies, and a call-to-action to accelerate the adoption of interoperable identity and access solutions – that there is a real sense of urgency to push identity and security forward in government,” said Randy Vanderhoof, executive director of the Secure Technology Alliance. “With the majority of attendees from federal agencies, this event has become a hub for government and security executives and industry leaders to come together to make real progress in this space.”

In a discussion on federal identity programs and standards, speakers gave an update on the status of derived PIV[1] credentials and expanding the use of PIV credentials to mobile devices. They highlighted that while the root of trust starts with PIV, the industry is considering how to utilize different types of identifiers and authenticators on mobile devices to allow authentication at different levels of assurance for different applications. Speakers noted that today, derived PIV credentials are being piloted in some one-off developments for specific use cases and there is no standard implementation being widely adopted – but there is potential for this in the future.

Innovations Improving Identity Security in Government

In a panel, moderated by Anil John, Department of Homeland Security, on the DHS’s Identity Management and Data Privacy Research and Development Program, three federal program leads outlined the efforts surrounding innovative technologies for improving security, identity and privacy in government:

- John Fessler, Exponent & Kantara Initiative, discussed an ongoing project that enables the use of derived credentials over a secure near field communications (NFC) channel using Opacity technology on a mobile device for physical access control
- Michael Queralt, Queralt, Inc., described the company’s research project on mapping PIV credentials onto FIDO-compliant devices to grant mobile users simpler access to applications and data while requiring a higher level of authentication
- Devu Manikantan Shila, United Technologies Research Corporation, outlined a project called Context Aware Security Technology for Responsive and Adaptive Protection (CASTRA) that leverages analytics on mobile sensor data to learn various human behavioral traits, such as gait, location, proximity and app usage, to enable an active authentication capability

Joseph Stuntz, Office of Management and Budget and James Sheire, GSA Office of Government-wide Policy shared updates on the impact of the new Executive Order strengthening the cybersecurity of federal networks and critical infrastructure, and GSA’s efforts for improving identity and security in government through their new website, www.IDManagement.gov. The website, which is now live, provides the federal government with more digestible digital assets that can be easily updated as policies and regulations change.

Another innovation making an impact on government is the NIST[2] Special Publication 800-63-3 on “Digital Identity Guidelines,” which outline the identity proofing and authentication requirements for Federal agencies implementing digital identity services. At the event, speaker Paul Grassi, NIST Trusted Identity Group, said the guidelines are slated to be published later this month. As a next step, Grassi said NIST plans to build on these requirements by providing actionable guidance for implementation.

A Call to Action for Open, Interoperable Authentication

The one-day showcase wrapped up with a call-to-action discussion on what the industry can do to further accelerate the adoption of interoperable solutions for federal identity management and access security. Moderator Randy Vanderhoof, Secure Technology Alliance, and federal government panelists Tim Baldridge, Department of Defense, LaChelle LeVan, GSA[3]/FICAM[4], and Michael Garcia, NIST Trusted Identity Group discussed that today’s methods of identification and authentication for access are too single-sourced, and don’t provide enough flexibility for new and emerging use cases, such as remote access. Panelists came to the conclusion that there is no one-size-fits-all authentication solution for government – instead, the industry needs more open, interoperable solutions that can be used for a variety of use cases.

For more information on the Secure Technology Alliance and government identity resources, visit the Government Identity/Credentialing Resources on the Secure Technology Alliance website.

About the Secure Technology Alliance

The Secure Technology Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption and widespread application of secure solutions, including smart cards, embedded chip technology, and related hardware and software across a variety of markets including authentication, commerce and Internet of Things (IoT).

The Secure Technology Alliance, formerly known as the Smart Card Alliance, invests heavily in education on the appropriate uses of secure technologies to enable privacy and data protection. The Secure Technology Alliance delivers on its mission through training, research, publications, industry outreach and open forums for end users and industry stakeholders in payments, mobile, healthcare, identity and access, transportation, and the IoT in the U.S. and Latin America.

For more information, please visit www.securetechalliance.org.

Contact
Megan Shamas
Montner Tech PR
203-226-9290
mshamas@montner.com

[1] Personal Identity Verification

[2] National Institute of Standards and Technology

[3] General Services Administration

[4] Federal Identity, Credential, and Access Management

G+D Mobile Security expects to benefit particularly from CPS Technologies’ high-tech bank card personalization and service management center. CPS Technologies provides delivery and card personalization, identification, transport and loyalty services. The company was founded in 1992 and is based in Craponne, France (close to Lyon). Since end of 2012, CPS Technologies operated as a subsidiary of Safran Morpho.

“With the acquisition of CPS Technologies, G+D Mobile Security underlines its strategic commitment to the French payment card market,“ states Carsten Ahrens, CEO of G+D Mobile Security. “We are looking forward to leveraging the strong service capabilities of CPS Technologies combined with our innovative digital payment solutions. By developing our local personalization capabilities, French bank customers can directly benefit from fast reaction times and fast deliveries in line with the service commitment and technical leadership of G+D Mobile Security.”

“We consider this acquisition as a unique opportunity and we are happy to join a global technology leader in payment and communication,“ says Philippe Delanoue, CEO of CPS Technologies. “We share many values with G+D Mobile Security – trust, reliability, high sense of quality – and our entire team is convinced that jointly we will bring additional value to the market.”

About Giesecke+Devrient
Giesecke+Devrient (G+D) is a global security technology group headquartered in Munich, Germany. Founded in 1852, the Group has a workforce of 11,300 employees and generated sales of approximately EUR 2,1 billion in the 2016 fiscal year. 72 subsidiaries and joint ventures in 32 countries ensure customer proximity worldwide.

G+D develops, produces, and distributes products and solutions in the payment, secure communication, and identity management sectors. G+D is a technology leader in these markets and holds a strong competitive position. The Group’s customer base mainly comprises central and commercial banks, mobile network operators, business enterprises, governments, and public authorities. For more information, please visit: www.gi-de.com.

“Demonstrating post-quantum cryptography on a contactless security chip puts Infineon in a leading position in this field,” said Stefan Hofschen, President of the Chip Card & Security Division of Infineon. “Our security solutions rely on trusted and standardized private and public key algorithms. To better respond to security threats that are yet to come, we continuously collaborate with the academic community, customers and partners. And we push for future standards that can be executed efficiently and securely on small and embedded devices.”

Quantum computer attacks on today’s cryptography are expected to become reality within the next 15 to 20 years. Once available, quantum computers could solve certain calculations much faster than today’s computers, threatening even best currently known security algorithms such as RSA and ECC. Various internet standards like Transport Layer Security (TLS), S/MIME or PGP/ GPG use cryptography based on RSA or ECC to protect data communication with smart cards, computers, servers or industrial control systems. Online banking on “https” sites or “instant messaging” encryption on mobile phones are well-known examples.

Chip memory size and computation time are key

Security experts at Infineon’s Munich headquarters and the Center of Excellence for contactless technologies in Graz, Austria, made a breakthrough in this field. They implemented a post-quantum key exchange scheme on a commercially available contactless smart card chip. Key exchange schemes are used to establish an encrypted channel between two parties. The deployed algorithm is a variant of “New Hope”, a quantum-resistant cryptosystem also explored successfully by Google on a development version of the Chrome browser.

“The phantom of the quantum computer is keeping academia and the IT industry on high alert,” said Thomas Pöppelmann from Infineon’s Chip Card & Security Division, who has been co-developing the New Hope algorithm. “At Infineon, we are proud to be the first to transfer PQC onto contactless smart cards. Our challenges comprised the small chip size and limited memory capacity to store and execute such a complex algorithm as well as the transaction speed.” Thomas Pöppelmann and his co-researchers received the prestigious Facebook Internet Defense Prize 2016 for the development of New Hope.

In a world of quantum computers, PQC should provide a level of security that is comparable with what RSA and ECC provide today in the classical computing world. However, to withstand quantum calculation power, key lengths need to be longer than the usual 2048 bits of RSA or the 256 bits of ECC. Nevertheless, the researchers at Infineon were able to implement New Hope on a commercially available security chip without requiring additional memory space and hence a larger chip size.

Standardization bodies are expected to agree on one or multiple PQC algorithms within the next few years before governments and industries mandate the migration. Infineon is actively participating in the development and standardization process in order to enable a smooth transition and to address security challenges that may arise in the advent of quantum computers.

About quantum computers
A quantum computer uses “qubits” that can exist in any superposition rather than bits (0 or 1) in a conventional device. Consequently, certain calculations can be performed simultaneously and far faster than ever before, solving problems that would require unattainable amounts of conventional computing power today. With operations that are thousands of times faster, quantum computers offer new possibilities, for instance, for searching large databases, for chemical or physical simulations, and in material design, etc. However, this operating power may also allow the decoding of currently used encryption algorithms that are practically impossible to decode with technologies available today.

About Infineon
Infineon Technologies AG is a world leader in semiconductor solutions that make life easier, safer and greener. Microelectronics from Infineon is the key to a better future. In the 2016 fiscal year (ending September 30), the company reported sales of about 6.5 billion euros with more than 36,000 employees worldwide. Infineon is listed on the Frankfurt Stock Exchange (ticker symbol: IFX) and in the USA on the over-the-counter market OTCQX International Premier (ticker symbol: IFNNY).

Follow us: twitter.com/Infineon - facebook.com/Infineon – linkedin.com/infineon

Information Number
INFCCS201705-056