Crunchfish introduces App-integrated Card Emulation (ACE) offering the security of Mobile Card Emulation (MCE) without sacrificing the scalability provided by tokenized card payments with Host-based Card Emulation (HCE).

Card payments is a common payment method that banks offer their customers. To enable card payments from a mobile device in a secure way that is scalable to all customers have proven to be difficult. It is either limited to users of select mobile devices or operators (MCE) or alternatively only available for e-commerce or terminal purchases that requires online clearing. The ground-breaking mobile technology that Crunchfish has developed for offline payments is also applicable for mobile card payments.

This whitepaper by Crunchfish introduces App-integrated Card Emulation (ACE) as a novel way of card emulation. The initial section relates ACE to other ways of Card Emulation (CE) – Mobile Card Emulation (MCE) using a hardware-based Secure Element (SE) and Host-based Card Emulation (HCE) with tokenized payment credentials. The second section discusses Implementation Architectures using hardware-based as well as software-based protection. The third section discusses Data Integrity during runtime operation, for stored data at rest and for data in transit. The conclusion includes a comparison table of MCE, HCE and ACE that summarizes the points raised in the three sections of this whitepaper.

Find the whitepaper on this link.

For more information, please contact:

Joachim Samuelsson, CEO of Crunchfish AB

+46 708 46 47 88

joachim.samuelsson@crunchfish.com 

This information was provided by the above for publication on 15th April 2024 at 15:30 CET.

Västra Hamnen Corporate Finance AB is the Certified Adviser. Email: ca@vhcorp.se. Telephone +46 40 200 250.

About Crunchfish – crunchfish.com

Crunchfish is a deep tech company developing a Digital Cash platform for Banks, Payment Services and CBDC implementations and Gesture Interaction technology for AR/VR and automotive industry. Crunchfish is listed on Nasdaq First North Growth Market since 2016, with headquarters in Malmö, Sweden and with a subsidiary in India.

Download as PDF

Crunchfish Digital Cash AB (“Crunchfish”) has received an International Preliminary Report on Patentability (IPRP) in Chapter II of the Patent Cooperation Treaty (PCT) for a key Digital Cash patent application PCT/SE2023/050294 with a focus on making Digital Cash quantum-safe, indicating that all claims 1 – 45 are deemed patentable. This patent makes Crunchfish Digital Cash future-proof and secured for attacks by quantum computing and extends Crunchfish extensive patent portfolio within the Digital Cash business area.

Crunchfish has applied for a patent that makes Digital Cash resistant to attacks by quantum computing, keeping payment information secure even after large-scale quantum computers has been built. The advent of large-scale quantum computing offers great promise to science and society but brings also significant threats to the global information infrastructure. Public-key Infrastructure, widely used on the internet today, relies upon cryptography that is believed to be secure given the computational power currently available. However, popular cryptographic schemes, including RSA and Elliptic Curve Cryptography, will be easily broken by a quantum computer. This will rapidly accelerate the obsolescence of our currently deployed security systems and will have dramatic impacts on any industry, including payments, where information needs to be kept secure.

The innovation is based on combining two different data integrity schemes and offers a new paradigm for offline payments that addresses the challenges which can be expected in the era of quantum computing. A two-step process is applied. Payments are first negotiated offline by short-range data communication using a quantum-secure cryptographic key as a shared secret. Subsequently, payment settlement by broadband data communication is secured by signing the settlement request with another quantum secure cryptographic key.

With quantum computing, all information that is transmitted on public channels is vulnerable to eavesdropping. Encrypted data can also be stored for later decryption once quantum computing becomes available. Bitcoin is one example where previously made transactions are accessible by anyone and puts a substantial amount of Bitcoin at risk. Even if large-scale quantum computers are still a few years into the future, preparations must be made now, as the timing when technical innovation leapfrogs is hard to predict.

“We are extremely happy that yet another innovation has been deemed patentable. It strengthens Crunchfish leadership in offline payments by making Digital Cash safe for quantum computing attacks. It solves a key problem that must be addressed in the advent of quantum computing”, says Joachim Samuelsson, CEO of Crunchfish.

The patent has priority from a Swedish patent application filed in March 2022. The next step is to enter the phase of nationalization by September 2024 when Crunchfish must decide which markets to protect this important innovation. A patent would be valid until March 2042, 20 years from the original filing date.

For more information, please contact:

Joachim Samuelsson, CEO of Crunchfish AB

+46 708 46 47 88

joachim.samuelsson@crunchfish.com 

This information is such information as Crunchfish AB is obliged to make public pursuant to the EU Market Abuse Regulation. The information was submitted for publication, through the agency of the contact person set out above, at 13:20 CET on April 8th, 2024.

Västra Hamnen Corporate Finance AB is the Certified Adviser. Email: ca@vhcorp.se. Telephone +46 40 200 250.

About Crunchfish – crunchfish.com

Crunchfish is a deep tech company developing a Digital Cash platform for Banks, Payment Services and CBDC implementations and Gesture Interaction technology for AR/VR and automotive industry. Crunchfish is listed on Nasdaq First North Growth Market since 2016, with headquarters in Malmö, Sweden and with a subsidiary in India.

Download as PDF

Crunchfish Digital Cash (“Crunchfish”) has received a positive International Search Report in the international patenting process for its strategically important Trusted Application Protocol (TAP) patent application. Crunchfish’s communication security protocol for mobile applications is based on TAP as it provides end-to-end integrity if internet access is available and enables communication over alternative networks if internet is not available.

Digital payments are not as robust as required given its critical role as a public good in the modern society. This is also true for digital applications in general. Typically implemented using a client server network model, the TAP enables digital service without internet access. Crunchfish’s innovative product Digital Cash telecom is an example of the use of TAP when internet access is not available. This will be piloted for the Digital Rupee, the Central Bank Digital Currency (CBDC) in India. When the internet TCP/IP communication is available the TAP enables end-to-end integrity for client server communications.

The International Search Report (ISR) is the first feedback round in the international PCT patenting process. This has now been issued for Crunchfish’s strategically important TAP patent application with international patent application number PCT/IB2024/051131. The PCT-process and its milestones was described in more detail in the Crunchfish press release from April 2021 when Crunchfish received the ISR for its initial patent application within Digital Cash. 

“The Trusted Application Protocol is a strategically important innovation for Crunchfish as our communication security protocol for mobile applications is based on TAP. Whereas the internet TCP/IP protocol provides survivability in the face of failures between networks, Crunchfish’s TAP provides integrity and robustness for communications between client applications and host servers as well as between applications in proximity”, says Crunchfish CEO and inventor Joachim Samuelsson.

For more information, please contact:

Joachim Samuelsson, CEO of Crunchfish AB

+46 708 46 47 88

joachim.samuelsson@crunchfish.com 

This information is such information as Crunchfish AB is obliged to make public pursuant to the EU Market Abuse Regulation. The information was submitted for publication, through the agency of the contact person set out above, at 15:00 CET on April 2nd, 2024.

Västra Hamnen Corporate Finance AB is the Certified Adviser. Email: ca@vhcorp.se. Telephone +46 40 200 250.

About Crunchfish – crunchfish.com

Crunchfish is a deep tech company developing a Digital Cash platform for Banks, Payment Services and CBDC implementations and Gesture Interaction technology for AR/VR and automotive industry. Crunchfish is listed on Nasdaq First North Growth Market since 2016, with headquarters in Malmö, Sweden and with a subsidiary in India.

Download as PDF

Crunchfish AB (“Crunchfish”) broadens the Digital Cash solution by patenting secure and scalable mobile wallets using Host-based Card Emulation (HCE) for online as well as offline EMV payments leveraging virtual secure elements. This patent-pending application is of strategic importance for Crunchfish as it extends the company’s total addressable market and the near-term revenue opportunities considerably as mobile wallets with tokenized HCE payments is the major digital payment method in the world, with almost 5 billion mobile wallets at the end of 2023.

It is a challenge to add secure HCE payment capabilities to payment applications on smartphones. Payment applications running on smartphones are implemented in software-based Rich Execution Environments (REEs), which provide high level of scalability but have security issues for HCE payment applications. EMV tokens, credentials and other HCE assets are not safe from attacks. To be truly secure, HCE payments must be implemented as a Trusted Application (TA) within a Tamper Resistant Element (TRE) that protects the TA with an isolated secure runtime for storing of EMV tokens, credentials, and other HCE assets.

A key consideration for establishing the required additional security with maintained scalability is how the TRE is implemented. It could either be implemented in hardware or software. HCE payments implemented in a hardware-based TRE are hard to scale as such TREs are controlled by device manufacturers (OEMs) or mobile network operators (MNOs). A software-based virtual TRE adds the required additional security whilst maintaining the desired scalability as it is easily deployable and maintainable on all smartphones, without any OS, OEM, or MNO dependencies. Furthermore, Crunchfish’s novel approach for HCE payments has the potential to enrich HCE payments by adding novel use cases, e.g. offline, scan and pay and P2P payments.

“This innovation is a significant milestone for Crunchfish as it positions Crunchfish as a disruptive technical provider within the mainstream mobile card payments. The total addressable market and near-term revenue opportunities for Crunchfish are significantly increased by adding HCE payment capabilities to our secure and scalable Digital Cash solution for offline payments.”, says Joachim Samuelsson, Crunchfish’s CEO.

For more information, please contact:

Joachim Samuelsson, CEO of Crunchfish AB

+46 708 46 47 88

joachim.samuelsson@crunchfish.com 

This information is such information as Crunchfish AB is obliged to make public pursuant to the EU Market Abuse Regulation. The information was submitted for publication, through the agency of the contact person set out above, at 08:00 CET on March 27th, 2024.

Västra Hamnen Corporate Finance AB is the Certified Adviser. Email: ca@vhcorp.se. Telephone +46 40 200 250.

About Crunchfish – crunchfish.com

Crunchfish is a deep tech company developing a Digital Cash platform for Banks, Payment Services and CBDC implementations and Gesture Interaction technology for AR/VR and automotive industry. Crunchfish is listed on Nasdaq First North Growth Market since 2016, with headquarters in Malmö, Sweden and with a subsidiary in India.

Download as PDF

Crunchfishs VD Joachim Samuelsson deltog på Västra Hamnens Investerardag där han presenterade det senaste kring Crunchfish. I ett efterföljande Lunchsnack med Johan Wimark på Emergers diskuterades presentationen med möjlighet för aktieägare att ställa frågor. Lunchsnacket täckte fem olika områden.   

• Hur ska Crunchfish lösa sin finansiering?
• Varför behövs offline betalningar och hur är Crunchfishs Digital Cash unikt?
• Crunchfish utveckling av Digital Cash fram till idag
• Varför skall man investera i Crunchfish?
• Övriga frågor

Länkar till inspelningarna av de två eventen finns här:

Västra Hamnens Investerardag

Lunchsnack med frågestund

För mer information, kontakta:
Joachim Samuelsson, CEO of Crunchfish AB
+46 708 46 47 88
joachim.samuelsson@crunchfish.com 

This information was provided by the above for publication on 12th March 2024 at 08:30 CET.

Västra Hamnen Corporate Finance AB is the Certified Adviser. Email: ca@vhcorp.se. Telephone +46 40 200 250.

About Crunchfish – crunchfish.com Crunchfish is a deep tech company developing a Digital Cash platform for Banks, Payment Services and CBDC implementations and Gesture Interaction technology for AR/VR and automotive industry. Crunchfish is listed on Nasdaq First North Growth Market since 2016, with headquarters in Malmö, Sweden and with a subsidiary in India.

Protecting offline payment applications is hard as offline payment introduces specific risks relating to bearer instruments and double-spending. Crunchfish Digital Cash offline solution enables offline payment for 3rd party online payment services by offering a secure, isolated runtime and encrypted storage with rollback protection for all offline assets. Crunchfish announces now the Digital Cash protector as an offline payment application protection add-on for 3rd party offline payment services.

Offline payments introduce specific risks that need careful consideration. Since the offline assets reside in a bearer instrument that is in the control of a potential attacker, it is of paramount importance that the payment application takes the necessary precautions to protect the offline assets and any operation performed on them. There are multiple ways that a potential attacker can stage an attack that results in double-spending.

Crunchfish is now announcing Digital Cash protector as an offline payment application protection to increase the security in 3rd party offline payment services. The Digital Cash protector is built with a subset of security features from the Digital Cash offline solution and may be integrated as a security layer by application providers at multiple hierarchical levels.

Figure: Crunchfish Digital Cash protector may be integrated at multiple levels in the payment application.

Protecting offline payment applications is hard, and existing mobile software protections are insufficient for offline payments. Although these protection mechanisms are better than nothing, they do not hold back attackers for long. Please refer to Crunchfish’s recent whitepaper Offline payment on smartphones outlining the risks, mitigations, and key security requirements for offline payments as background information to this announcement.

“Crunchfish Digital Cash is the only offline payment solution for smartphones that is both secure and scalable. The security levels in external offline payments services can now be increased using Digital Cash technology and security features. The Digital Cash protector has already been presented and very well received by many key stakeholders in the Indian payment ecosystem as it augments the security for the offline payment services announced for UPI Lite and the Digital Rupee”, says Joachim Samuelsson, Crunchfish’s CEO.

For more information, please contact:

Joachim Samuelsson, CEO of Crunchfish AB

+46 708 46 47 88

joachim.samuelsson@crunchfish.com 

This information was provided by the above for publication on 13th February 2024 at 08:30 CET.

Västra Hamnen Corporate Finance AB is the Certified Adviser. Email: ca@vhcorp.se. Telephone +46 40 200 250.

About Crunchfish – crunchfish.com

Crunchfish is a deep tech company developing a Digital Cash platform for Banks, Payment Services and CBDC implementations and Gesture Interaction technology for AR/VR and automotive industry. Crunchfish is listed on Nasdaq First North Growth Market since 2016, with headquarters in Malmö, Sweden and with a subsidiary in India.

Download as PDF