Wave Systems Corp. (fka WAVXQ)

[dude_danny]

Wave/ TvTonic/ Visa





Just doing some googling this evening after seeing 2 or 3 Visa/2008 Olympic commercials and possible connections/implications to Wave. Nicely done commericals by the way. Maybe Visa will advertize be on TvTonic... I remember SKS mentioning Visa on several occasions in the past...This deal IMO will bring Wave more customers/contracts...IMO.


http://www.itworld.com/transcriptgeersprague070703?page=0%2C1
Geer:
And what types of threats, as far as I guess plain speaking, end-result type of threats does this prevent, whether it's someone got my personal private information off my laptop or someone took control of my computer or something like this? What's a list of things that this chip would help prevent that aren't completely preventable without it today?

Sprague:
Well, so what a trusted platform module does is it eliminates the support, or the reliance on a consumer-known userID and password. If you tell me your userID and password to your Visa account, I can log on from any computer anywhere in the world. If that Visa account has done a key exchange with a trusted platform module, then I know that Steven Sprague, or the user, has provided a pin number to release the use of that trusted platform module to log me onto my Visa account. So you would have to know two things, my pin number and you'd have to have physical possession of my machine. And it's the reliance on those two different factors of authentication that makes for a very strong authentication session. And having this as a standard capability in every new PC means that ultimately a bank or an enterprise can rely on the fact that ultimately every user will have this same capability. So they can build one system that will support universal, strong authentication across all machines in the network.



http://www.isg.rhul.ac.uk/~kp/EEMV.pdf

"Recently, concerns over merchants running vulnerable payment applications have become so great that beginning
in January 2008, Visa will begin implementing a series of mandates to eliminate the use of non-secure payment applications from the Visa payment system [51]. Visa will only accept payments from merchants using payment applications that adhere to, and have been validated
against, Visa's Payment Application Best Practices (PABP) [50].
In summary, current CNP transaction processing cannot make use of the robust security features available from EMV-compliant ICC cards, and simply reverts to pre-EMV card au-
thentication procedures. This weakness is now being ruthlessly and increasingly exploited by fraudsters, and closing this attack vector represents a signi¯cant challenge to the payment
card industry."


"To combat the threats posed by malware TGs (and by merchants that are non-conformant with the PCI-DSS), we propose e-EMV, a system that makes use of Trusted Computing tech-
nology to securely emulate EMV for CNP transactions. We describe a system architecture encompassing user enrollment, deployment of software cards to customer platforms, card ac-
tivation, and subsequent transaction processing. Our e-EMV proposal uses a combination of application software, a Trusted Platform Module (TPM) [45], a processor (with chipset exten-
sions) [23] and Operating System (OS) support [34, 1] to securely emulate the functionality of
a standard EMV-compliant card in software. We provide a detailed description, at the level of individual TPM commands, showing how this emulation is achieved. We also explain how the security features provided by Trusted Computing are used to obtain an appropriate level of security for our system..."

dude_danny