Designed and implemented cryptological framework for retail point-of-sale credit card processing. Implemented RSA algorithm, including Miller-Rabin key generation, in platform-independent C. Also implemented code for DUKPT key derivation algorithm and TR-31 key distribution format.
Designed architecture for certificate authority to operate at factory. Implemented offline certificate authority using hardware security modules and PKCS11 / Python / OpenSSL. Assisted with implementation of embedded certificate request generation and certificate validation.
Designed and implemented custom protocol for key establishment between multiple secure elements in a hardware device. The protocol used an external HSM to authenticate an elliptic curve Diffie-Hellman key exchange. As part of implementation, wrote or extended four software modules: (1) embedded C code for secure elements; (2) Android app to manage secure element key exchange and communicate with external HSM; (3) shared library in C to perform core cryptographic operations with HSM via PKCS11 API; (4) Python app to provide interface between device Android app and cryptographic shared library via ctypes. Deployed system to ODM partner facilities.
Wrote CMAC implementation that was merged into mbedTLS.
Patched HAProxy and OpenSSL to fingerprint device type from TLS Client Hello messages. The solution allowed the server to upgrade its TLS stack while retaining support for legacy devices.
Wrote Hardware Abstraction Layers to connect mbedTLS with proprietary cryptologic libraries provided by chipset vendors.
Designed cryptologic framework for secure capture of logs from embedded system via RSA encryption. Wrote PKCS11 application to decode logs.
Customized OpenSSL and Android Java Native Interface bindings to comply with PCI PTS cryptography standards.
Represented Clover on the X9 Committee for Financial Industry Standards. Participated in the ANSI X9F4 working group on cryptographic standards and protocols.