Archive for January, 2007|Monthly archive page
Moving to elliptic curve cryptography …
It took us quite a while to get it right, but we finally have our own elliptic curve crypto library up and running. KerPass aligns itself with US government security practice. This move means a lot in terms of upcoming features for the system, as it will enable us to improve token capabilities with the possibility of generating non-repudiable electronic signatures on the phone.
What we have learnt along the way is that if you target mobile Java devices, there is currently no off-the-shelf library that delivers sufficient performance for ECC to perform acceptably well on low-end Java-enabled phones. Hence the bold move of doing it ourselves, in an effort to make it fast (using well-known optimizations) without resorting to patented shortcuts.
Patent, protecting innovation 101…
We are not experts in intellectual property, but as an organisation heavily engaged in innovation, we had to educate ourselves on the basics of patent law. We think it is interesting to share what we have learnt along the way.
What are patents?
A patent gives you an enforceable right to derive revenue from an invention and to exclude others from using it, such right being enforceable in the country where the patent has been granted.
Phishing, DNS poisoning, Man in the middle …
Let’s start our journey into modern web application security by reviewing what is behind these words, widely used but poorly understood by the majority of us.
Things are really not as complicated as they sound: the main mechanism behind these vulnerabilities relates to the fact that the HTTP protocol provides no guarantee that you (the internet user) are really interacting with the intended site. Using various strategies, an adversary can insert itself between your browser and the site you intend to visit, and reuse your credentials to achieve its own objectives…
iPhone …
As mobile application developers confronted daily with the “device fragmentation” problem, we constantly try to anticipate which devices will succeed in the marketplace, and what this would mean for the hard-to-define “mobile platform” as a whole.