Meet us at e-Smart 2008

KerPass will make a presentation at e-Smart conference on the 18th of September 2008. We will present advanced solutions for delivering reliable software tokens on networked devices.

KerPass has obtained “Java Verified” certification.

Version 1.31 of our KerPass UST mobile client has just completed “Java Verified” certification. Such quality certification that focus mainly on usability will allow us to simplify the dialog with mobile operators, as we realized that the lake of it was complicating discussions.
When first approached, “Java Verified” is no picnic. Thanks to Orange partners and NSTL for making this easier to achieve.

Defeating the “Man in the Middle”, mobile SignCode to the rescue.

Right from the inception of the KerPass system, we considered “transaction validation” to be part of our roadmap. We took some time to develop a portable digital signature system based on elliptic curve cryptography and proposed additionally to it something we call “Password signature” which is a digital signature that you can use like a password. Read more »

Mobile Android, it’s the applications stupid …

It is too early to be sure that Google and its followers of the open handset alliance will really deliver every promises that the mobile Android platform imply , however it looks to us that this project take a refreshing approach on what a mobile platform shall deliver.

The emergence of Android could be much more disruptive than say the release of the Iphone, as it can reach everybody phone …

Read more »

The mobile phone as a token container, can we trust storage ?

One question KerPass often receive relates to how safe is using a phone to store software token ? A mobile token like the one part of the KerPass UST system, requires storing several cryptographic keys. Security specialists generally consider that software token are not reliable because nearby malicious software can read and duplicate the private information it contains. Common sense certainly suggests that a secure storage system (eg smart card) is a better location to store private keys than say disk storage. That said the complete analogy that most are making in between the modern open and insecure pc and the mobile phone is not accurate. They are reasons beyond “It is nice to have that there…” that make the mobile phone well suited to be a token container.
Read more »

Meet us at Ip Convergence :

KerPass is making a presentation at the Ip convergence expo in Paris on the 3,4,5 October 2007. Our presentation (in French but speakers can attend you in English…) will be on the 3rd of October at 17:10 hrs , as part of the European telecom startup event.

Thanks to CEFT (Club des entrepreneurs francais des telecom) for their invitation.

If you want to have a hand on demo on how to make full use of the UST token system, or get to know the new SMS token system this is the place.

New KerPass API on line

We took quite a while to come here, but the new API is finally operational :
Time synchronous one time password and ECDSA digital signatures can be used in the context of any web application, after installing KerPass onto end user mobile phone.

• The demo as usual allows an efficient hand on introduction to the complete system
• At https://realm.kerpass.com/ you find a web application for creating and administering security realm to support your own applications
• The url https://api.kerpass.com/ provide full access to the api.
• All KerPass documentation can be found here.

Don’t hesitate to contact us to obtain the necessary applications to install onto end user mobile phone.

Meet us at l’Atelier in Paris.

L’Atelier is a Paris based technological information group, also active in the US and Asia. L’Atelier is owned by BNP-Paribas bank , and is quite unique in its focus on mobility applications.

KerPass presentation will take place on the 29th May 2007 at 09:00. Depending upon the participants, presentation is most likely to be held in French. Speakers however are fluent in English and will be pleased to answer to your questions in that language.

Participants need to register on the atelier website following the red arrow link.

Will NFC emerge ?

As others we are quite interested in the possibilities opened by the near field communication interface expected to be on a fair number of european smart phones by year 2011-2012. Our interest was initially sparked by questions asking us how the KerPass mobile transaction validation solution was related to the proximity payment systems based on the NFC technologies. As of today, there is no relation in between those two solutions except that both deal with personal transaction validation. Meanwhile in Japan and other advanced Asian countries real world point of sale payment system allow to use a mobile phone as a contactless payment card , the rest of the world is engaged in lengthy field pilot trials of payment/ticketing systems based on much the same technologies. In what follows we rapidly mention what capabilities NFC add to the ubiquituous smartphone, and mention our view that point of sale transaction validation maybe tackled as efficiently leveraging what mobile phones already have.
Read more »

Universal security token , pictures …

Some pictures of the coming soon mobile universal security token together with related user stories. For our fellow mobile application developers , during development we try to test on real devices as early as possible and we use for this a low end device. This allow being more efficient in adressing real world issues , as simulators are generally not matching well real device performances.
Phone display photographing is a pain , fortunatly we found a helpfull girl who knows …

First start :

As the token requires network access , we first check that the device connection has been correctly parametrized. We found good inspiration by looking to Opera mini for this. If only mobile operators were trying to help here by documenting clearly the settings for their APN on a per device basis.

Read more »