Henry Schwarz



Bio
Henry Schwarz

Henry Schwarz grew up in Melbourne Australia, and currently lives in New York.
Triton

Henry is Software Security Director at Triton, one of the world's most successful ATM (banking machine) manufacturers. In working with Triton since 1999, he has played a key technical and managerial role in the development and deployment of many tens of thousands of ATMs.

Henry has developed (designed, coded, managed, and supported) many components of the software running on all Triton ATMs and their surrounding systems, such as:
Financial transaction messages between ATMs and financial institutions
Financial transaction security, such as PIN encryption and message authentication
Encrypting PIN-pad (keypad and security module), including its interface, cryptosystems, and PCI compliance
Card reader, including cryptographic protections, anti-skim defenses, and EMV and NFC cards
Remote Key Transfer, using PKI to deliver initial cryptographic keys from financial institutions to ATMs over public networks
Key blocks, to prevent the misuse of cryptographic keys for unintended purposes
Device drivers, for low-level control of embedded hardware
Firewall, to block unauthorized communications
Code signing, to only allow cryptographically authorized software to run on the ATM
SSL/TLS, to cryptographically protect internet communications
Cash dispenser interface security, to prevent malicious hardware from issuing bogus commands

Henry's many other tasks with Triton have included:
• Supervised and managed teams of programmers based in the US, China, and India
• Wrote and presented lectures and sat on panels about banking security technology as Triton's representative at industry conferences
• Worked with many financial institutions worldwide to define requirements, prototype ATM software at the institutions' premises, and manage the institutions' formal certifications of Triton's ATMs
• Developed Triton's fuel pump and server for Alliance AutoGas, writing software to manage flow of fuel and usage of hoses and nozzles, perform payment transactions, and handle membership
Next Payments

Henry has developed systems currently used by Next Payments, a leading Australian technology provider for ATMs and payments.

• Developed transaction server which accesses casino management systems (eBet, IGT, Aristocrat, MAX, Odyssey). Used by Rewards Teller to redeem loyalty points in lieu of ATM surcharge. Also used by GSL to make retail purchases using loyalty points

• Developed software to receive gaming and membership data from casino management systems and deliver it to Eagle i360 which allows staff to view data in real-time

• Developed transaction server which accesses TAB gaming system to allow ATMs to withdraw or deposit cash
Akyman

Henry was an early pioneer in the development of terminals for electronic funds transfers (EFT) at the retail point-of-sale (POS), working at Akyman as Manager Software Engineering from 1987 to 1997.

Henry single-handedly (as the only software engineer) developed the software running on Akyman's payment terminals for many financial institutions, including:
• American Express
• First Data
• National Australia Bank
• ETSL New Zealand
• Thai Military Bank
• Cashcard Australia
• Colonial State Bank
• Papua New Guinea Banking Corporation

Henry designed, coded, managed, and supported many EFT-POS systems, including:
• Australia's first ever commercial smart card application, Melbourne Central's Smart Park
• Hardware module adding EFT functionality to PCs and cash registers (brochure, brochure, brochure)
• World-first handheld wireless EFT-POS terminal (brochure, brochure)
• PKI system to deliver initial cryptographic keys from financial institutions to terminals over public networks
• Handheld wireless terminal to place bets for Australian Jockey Club and Sydney Turf Club
• Stand-alone EFT-POS terminal for real-time online transactions and for storing offline transactions locally within the terminal and then batch uploading at end of day (brochure)

Henry developed software in all areas of EFT-POS terminals, including:
• Operating system
• Online financial transactions
• Cryptographic systems
• Telecommunications
• Device drivers
• User interface
Technical Expertise

Software engineering – "Full stack" developer, programming high level applications and low level drivers in languages including: C, C++, C#, Java, assembly, JavaScript, ASP, ASP.NET, PHP, Perl, CGI, SQL, and others. All phases of software development lifecycle
Security – Designing and implementing strong cryptosystems and hardware security modules. Detailed technical understanding (down to the bit/byte level) of cryptographic algorithms, SSL, PKI, certificates, etc.
Embedded systems – Developing software and firmware for new electronic devices, creating bootloaders, operating systems, and device drivers
Communications – Designing and utilizing many protocols, standards, and media for transporting data, both locally and remotely. Developing clients and servers, such as browsers, websites, and web services. Expertise in internet protocols such as IP, TCP, SSL, HTTP, HTML, XML, CSS, JSON
Financial transactions – Designing and implementing applications to perform financial operations, with a deep understanding of online financial message protocols, bank account management, EMV and NFC, XFS, etc. A "fintechnologist"
Phone apps – Developing apps running on smart phones
Amazon Web Services – Coding for and deploying many AWS services, such as Lambda, API Gateway, RDS, S3, CloudWatch, IAM, EC2, and VPC
Terminal components – Devices employed by POS and ATM equipment, such as card readers (magnetic stripe, contact, contactless), encrypting PIN-pads, cash dispensers, printers, display screens, modems, and fuel pumps
Research and writing – Authoring and typesetting documentation, including white papers, systems analysis and design, and manuals
Education

Monash University (Melbourne, 1986-1989) – Bachelor of Science, major in Computer Science, minor in Mathematics. One of the Group of Eight, Australia's Ivy League universities

Joseph Fourier University (Grenoble France, 1990) – Internship, developed analogue circuit simulator software

Memberships
Mensa

Mensa
US Secret Service<br />Cyber Fraud Task Force

US Secret Service
Cyber Fraud Task Force
US FBI<br />InfraGard

US FBI
InfraGard
Standards Australia IT-5-4<br />Authentication and Security

Standards Australia IT-5-4
Authentication and Security
ATM Industry Association

ATM Industry Association:

• ATM Criminal Activity Forum
• ATM Security Committee
National Institute of Standards and Technology<br/>National Cybersecurity Center of Excellence

National Institute of Standards and Technology
National Cybersecurity Center of Excellence

Communities of Interest:

• Migration to Post-Quantum Cryptography
• Automation of the NIST
Cryptographic Module Validation Program

Active Projects
SecTerm

Ultra-secure internet terminal
Graphrase

Multimedia translator
Known Truth

Oath book

Patents
US-7962742-B2

Sterile internet platform
on hardware security module
as PC peripheral
US-8375203-B2

Defense against fraudulent hosts
when loading secret keys into an ATM
over a public network

Blogs – Schwarz Tharz (pronounced "thoughts")
Henry's ATM & EFT-POS security blog

Featured post: Black Hatted
Henry

Henry's posts on Triton's ATMatom blog
The Schwarzes versus Hurricane Sandy
New York 2012

Interviewee
The Washington Post

The Washington Post
The Street

The Street
Dark reading

Dark reading
Bank Info Security

Bank Info Security

Name
Unary, binary, ternary, ..., n-ary Schwarz Ambigram

Ambigram
May the Schwarz be with you

May the Schwarz be with you
Unwelcome

Unwelcome
ərz

Latin character Ə is named "Schwa"

Contact
If this is an emergency, call 9-1-1

Phone:
+1 646 812 7512

Fax:
+1 646 478 9497

Email:
henry@henryschwarz.com

Submit message to Henry:



I'm not a human
To confirm that you are a robot, not a pesky human, click on the block each time it moves





Copyright © Henry Schwarz