BBVA API Market
Alfonso Muñoz, Senior Cybersecurity Expert & Research Lead BBVA – Innovation for Security, examined the possibilities afforded by cryptography to ensure user security and generating a single footprint for companies.
What role do APIs play in cryptography?
They play a critical role. We at BBVA are running a program known as “Chameleon”, which aims to provide cryptography as a service. We seek to offer usable cryptography via APIs.
How are you doing this?
APIs allow cryptography to be harnessed in a simple, controlled and audited fashion. For example, if you have an application that needs to encrypt and protect information, instead of having the algorithm built into the application, you can order a third party, the API, to protect your information. Said third party can protect your information via APIs.
What is the biggest cryptography threat to banks?
There are several. One is algorithms using public cloud cryptography. Banks use them in e-commerce and to sign digital documents. In long-term agreements, such as a mortgage or a contract, the information included in such documents could be forged, as technological progress opens the possibility of “resigning” using other algorithms and other mechanisms. The latter would entail quantum computing, which will be a threat in the longer term.
What are the most secure algorithms?
None stand out as the best at present. The problem is that there are a number of different proposals due to a lack of standardization. In other sectors, algorithms are usually presented to the scientific community, which evaluates the same over a number of years and a winner eventually emerges. This is what is lacking in the world of cryptography: a pool of algorithms made available that people can then subject to rigorous testing.
Will passwords become a thing of the past?
Not for the next 10 years, I don’t think. But exposure of the same will decline due to homomorphic encryption. I think passkeys and passwords will become less prevalent, which means the global system will be more secure. Thieves will increasingly only be able to steal from you at very specific moments.
How would you define homomorphic encryption?
It means the computation of encrypted data. I.e. operating with protected information without exposing said data. Without viewing the information.
How does that benefit users?
For users this means greater privacy in the cloud. They can grant third parties access to their information, a tax declaration for example, and allow them to operate using the same while not being able to view the data.
And for businesses?
The possibilities are much greater. It allows companies to outsource things that previously they could not. For banks, which cannot disclose information to third parties by law, it offers the potential to encrypt said information in order to allow an external operator to use the same without having access to the content. For banks it allows enormous flexibility to reduce costs and escalate cloud services.
What costs are involved?
Such encryption would require only a low-cost software program. The problem is that the current investment is more scientific. Work is ongoing to ensure that the algorithm is more secure and faster. The latter objective will be attained by improving mathematical processes.
QR code payment is an alternative form of mobile payment that requires no card chip or NFC technology: just a camera and an internet connection Payments with a QR code are increasingly popular among younger consumers and tourists, as well as one of the most demanded forms of payment, especially by Chinese visitors to Spain. […]
Digital banking or electronic banking is the future of the banking sector, with more and more functionalities and possibilities Digital banking, the virtual and infrastructure transformation of banking telecommunications, is increasingly used. Its ubiquity, accessibility, speed, availability, security and the diversity of available functionalities have clearly attracted users. What is digital banking? What are its […]
ST APIs are an example of an API development architecture increasingly used within companies, partly due to the separation between client and server, the process scalability and reliability, and the low number of resources required by the system. What is a REST API and what architecture examples are available to companies? What can an API […]